{
  "threat_severity" : "Moderate",
  "public_date" : "2024-09-23T11:15:10Z",
  "bugzilla" : {
    "description" : "mod_jk: information Disclosure / DoS",
    "id" : "2314194",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2314194"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-276",
  "details" : [ "Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.\nThis issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.\nUsers are recommended to upgrade to version 1.2.50, which fixes the issue.", "An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service." ],
  "affected_release" : [ {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6927",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.50-3.redhat_1.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6927",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.50-3.redhat_1.el7jbcs"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7457",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "mod_jk-0:1.2.50-1.el9_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2024-11-06T00:00:00Z",
    "advisory" : "RHSA-2024:8928",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "mod_jk-0:1.2.50-1.el9_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-11-06T00:00:00Z",
    "advisory" : "RHSA-2024:8929",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "mod_jk-0:1.2.50-1.el9_2.1"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6928",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-46544\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46544\nhttps://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d" ],
  "name" : "CVE-2024-46544",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}