Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-46544 |
CWE-ID | CWE-276 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | mod_jk (Web applications / Other software) |
Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU97659
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46544
CWE-ID: CWE-276 - Incorrect Default Permissions
Exploit availability: No
Description:
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions for the memory-mapped file configured by the JkShmFile directive on Unix-like systems. A local user can view or modify the contents of the shared memory containing mod_jk configuration and status information, which can lead to information disclosure or denial of service.
Install the update from the vendor's website.
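To check an existing host for the exposure described above, the following added example (not code from the vendor or from this bulletin) reads Apache configuration text, locates JkShmFile directives, and reports shared-memory files that users outside the owner and group can read or write. Assumptions: relative paths resolve against ServerRoot, the `/etc/httpd` default is a placeholder, and the on-disk file may carry a suffix after the configured name.

```python
import glob
import os
import shlex
import stat
import tempfile

# Permission bits that let users outside the owner/group read or write the file.
OTHER_RW = stat.S_IROTH | stat.S_IWOTH


def find_jkshmfile_paths(conf_text, server_root="/etc/httpd"):
    """Return absolute paths named by JkShmFile directives in Apache config text."""
    paths = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # handles quoted paths
        except ValueError:
            continue  # unbalanced quotes: not a directive we can parse
        if len(tokens) >= 2 and tokens[0].lower() == "jkshmfile":
            # Assumption: relative paths resolve against ServerRoot.
            paths.append(os.path.normpath(os.path.join(server_root, tokens[1])))
    return paths


def audit_shm_files(conf_text, server_root="/etc/httpd"):
    """Return (path, octal mode) for each shared-memory file open to other users."""
    findings = []
    for base in find_jkshmfile_paths(conf_text, server_root):
        # Assumption: the on-disk name may carry a suffix (e.g. a PID or .lock).
        pattern = glob.escape(base)
        for path in sorted(set(glob.glob(pattern) + glob.glob(pattern + ".*"))):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & OTHER_RW:
                findings.append((path, oct(mode)))
    return findings


if __name__ == "__main__":
    # Constructed sample: a throwaway directory stands in for ServerRoot.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "logs"))
        shm = os.path.join(root, "logs", "jk-runtime-status.4242")
        open(shm, "w").close()
        os.chmod(shm, 0o666)
        print(audit_shm_files("JkShmFile logs/jk-runtime-status\n", root))
```

An empty result means no matching file grants read or write access to other users; group access is not flagged and should be reviewed against the host's own account layout.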
Vulnerable software versions:
mod_jk: 1.2.10 - 1.2.49
CPE2.3
http://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.