For those of you who use mod_jk, please upgrade to the latest version.

---------- Forwarded message ---------
From: Mark Thomas <markt@xxxxxxxxxx>
Date: Mon, Sep 23, 2024 at 4:43 AM
Subject: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service
To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>
Cc: Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>, <announce@xxxxxxxxxx>, announce@xxxxxxxxxxxxxxxxx <announce@xxxxxxxxxxxxxxxxx>

CVE-2024-46544 Apache mod_jk - Information Disclosure / DoS

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- JK 1.2.9-1.2.49 (mod_jk on Unix like platforms only)

Description:
Incorrect default permissions for the memory mapped file configured by
the JkShmFile directive on Unix like systems allows local users to view
and/or modify the contents of the shared memory containing mod_jk
configuration and status information. This could result in information
disclosure and/or denial of service.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to mod_jk 1.2.50 or later

History:
2024-09-23 Original advisory

References:
[1] https://tomcat.apache.org/security-jk.html

--
------------------------------------------------------------------------------------
Jennifer Oxelson Ganter
NSF Unidata Software Engineer IV
P.O. Box 3000
oxelson@xxxxxxxx
Boulder, CO 80307
------------------------------------------------------------------------------------
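A host-side check for the condition the advisory describes, added here as an example and not part of the original message or of mod_jk: it pulls JkShmFile paths out of Apache configuration text and reports any file that group or other users can read or write. The function names, the default ServerRoot, the assumption that relative paths resolve against ServerRoot, and the choice to treat any group/other access as a finding are all assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Uncommented "JkShmFile <path>" lines; Apache directive names are case-insensitive.
JKSHMFILE_RE = re.compile(r'^[ \t]*JkShmFile[ \t]+"?([^"\s]+)"?', re.I | re.M)


def shm_paths(conf_text, server_root="/etc/httpd"):
    """Return JkShmFile paths found in Apache config text.

    Assumption: relative paths resolve against ServerRoot (server_root here).
    """
    return [p if os.path.isabs(p) else os.path.join(server_root, p)
            for p in JKSHMFILE_RE.findall(conf_text)]


def audit(path):
    """Return findings for one file; an empty list means owner-only access."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # Assumption: any group/other read or write bit counts as a finding.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("group-or-other-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-other-writable")
    return findings


if __name__ == "__main__":
    # Constructed demo: a throwaway ServerRoot holding a deliberately loose file.
    root = tempfile.mkdtemp()
    conf = 'JkWorkersFile conf/workers.properties\nJkShmFile "logs/jk.shm"\n'
    os.makedirs(os.path.join(root, "logs"))
    for path in shm_paths(conf, root):
        open(path, "w").close()
        os.chmod(path, 0o666)
        print(path, audit(path))   # both findings reported
        os.chmod(path, 0o600)
        print(path, audit(path))   # no findings
```

On a real host, pass the contents of the Apache configuration files and the actual ServerRoot to `shm_paths`. A clean result on an affected version does not replace the upgrade to 1.2.50 or later.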