PT-2024-6476 · Apache+5 · Apache Tomcat Connectors+5

Mark Thomas

Published

2024-08-06

Updated

2026-06-02

CVE-2024-46544

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Apache Tomcat Connectors versions 1.2.9-beta through 1.2.49

Description The issue allows local users to view and modify shared memory containing mod jk configuration, which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors on Unix-like systems, but neither the ISAPI redirector nor mod jk on Windows is affected.

Recommendations For versions 1.2.9-beta through 1.2.49, upgrade to version 1.2.50, which fixes the issue. As a temporary workaround, consider restricting access to the shared memory containing mod jk configuration to minimize the risk of exploitation.

Fix

DoS

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

ALSA-2024:7457

BDU:2024-07563

CVE-2024-46544

DLA-3919-1

INFSA-2024_7457

MGASA-2024-0315

OPENSUSE-SU-2025_0102-1

RHSA-2024:6927

RHSA-2024:7457

RHSA-2024:8928

RHSA-2024:8929

RHSA-2024_7457

SUSE-SU-2025:0102-1

SUSE-SU-2025:0143-1

SUSE-SU-2025_0143-1

USN-8369-1

Affected Products

Almalinux

Apache Tomcat Connectors

Debian

Red Hat

Rocky Linux

Suse

PT-2024-6476 · Apache+5 · Apache Tomcat Connectors+5

CVE-2024-46544

Weakness Enumeration

Related Identifiers

Affected Products

References · 43