{"id":"CVE-2024-46544","details":"Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.\n\nThis issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.\n\nUsers are recommended to upgrade to version 1.2.50, which fixes the issue.","modified":"2026-04-16T04:37:39.529463472Z","published":"2024-09-23T11:15:10.563Z","related":["ALSA-2024:7457","SUSE-SU-2025:0102-1","SUSE-SU-2025:0143-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00010.html"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/09/23/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat-connectors","events":[{"introduced":"f48d0853cc16db3a62e27f0a1bf3522b8044906f"},{"fixed":"9612683ac09ebb06aca9ad25cdd7274152c6d031"}],"database_specific":{"versions":[{"introduced":"1.2.9"},{"fixed":"1.2.50"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46544.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}