BDU:2024-07563

BDU

Medium

Уязвимость директивы JkShmFile модуля mod_jk коннектора Apache Tomcat JK Connector, связанная с некорректно используемыми стандартными разр…

CVSS

5.9

Medium

EPSS

0.00

Published

2024-01-01

Updated

2024-01-01

Description

Уязвимость директивы JkShmFile модуля mod_jk коннектора Apache Tomcat JK Connector, связанная с некорректно используемыми стандартными разрешениями. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию о модуле mod_jk или вызвать отказ в обслуживании

Affected products

Apache software foundation Tomcat jk connectorApache software foundation Tomcat jk connectorApache software foundation Tomcat jk connectorApache software foundation Tomcat jk connectorRed hat inc. Jboss core servicesRed hat inc. Jboss core servicesRed hat inc. Jboss core servicesRed hat inc. Jboss core servicesRed hat inc. Jboss web serverRed hat inc. Jboss web serverRed hat inc. Jboss web serverRed hat inc. Jboss web serverRed hat inc. Jboss web serverRed hat inc. Jboss web serverRed hat inc. Jboss web serverRed hat inc. Jboss web server

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Timeline

2024-01-01

Published

2024-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: L

Low (L)

Integrity Impact

I: L

Low (L)

Availability Impact

A: L

Low (L)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Red Hat

Jboss Core Services Jboss Web Server

Apache

Tomcat Jk Connector

Product	Vendor	Status
tomcat jk connector	apache software foundation	Tracked
tomcat jk connector	apache software foundation	Tracked
tomcat jk connector	apache software foundation	Tracked
tomcat jk connector	apache software foundation	Tracked
jboss core services	red hat inc.	Tracked
jboss core services	red hat inc.	Tracked
jboss core services	red hat inc.	Tracked
jboss core services	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked
jboss web server	red hat inc.	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2024-46544

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-46544@https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d@https://tomcat.apache.org/security-jk.html@https://access.redhat.com/security/cve/cve-2024-46544@https://security-tracker.debian.org/tracker/CVE-2024-46544@https://vuldb.com/?id.278283