Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.

[thredds] Fwd: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service

  • To: THREDDS community <thredds@xxxxxxxxxxxxxxxx>
  • Subject: [thredds] Fwd: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service
  • From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>
  • Date: Mon, 23 Sep 2024 08:18:05 -0600
For those of you who use mod_jk, please upgrade to the latest version.

---------- Forwarded message ---------
From: Mark Thomas <markt@xxxxxxxxxx>
Date: Mon, Sep 23, 2024 at 4:43 AM
Subject: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure /
Denial of Service
To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>
Cc: Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>, <announce@xxxxxxxxxx>,
announce@xxxxxxxxxxxxxxxxx <announce@xxxxxxxxxxxxxxxxx>


CVE-2024-46544 Apache mod_jk - Information Disclosure / DoS

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- JK 1.2.9-1.2.49 (mod_jk on Unix like platforms only)

Description:
Incorrect default permissions for the memory mapped file configured by
the JkShmFile directive on Unix like systems allows local users to view
and/or modify the contents of the shared memory containing mod_jk
configuration and status information. This could result in information
disclosure and/or denial of service.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to mod_jk 1.2.50 or later

History:
2024-09-23 Original advisory

References:
[1] https://tomcat.apache.org/security-jk.html


-- 
------------------------------------------------------------------------------------
Jennifer Oxelson Ganter                                       NSF Unidata
Software Engineer IV                                          P.O. Box 3000
oxelson@xxxxxxxx                                       Boulder, CO 80307
------------------------------------------------------------------------------------
  • 2024 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: