ELA-1204-1 libapache-mod-jk security update

insecure configuration vulnerability

2024-10-14
Package: libapache-mod-jk
Version: 1:1.2.46-0+deb8u3 (jessie), 1:1.2.46-1+deb10u3 (buster)
Related CVEs: CVE-2024-46544


It was discovered that there was an insecure configuration issue in libapache-mod-jk, an Apache web server module used to forward requests from Apache to Tomcat using the AJP protocol.

An issue with incorrect default permissions could have allowed local users to view and modify shared memory containing mod_jk's configuration, which could have led to information disclosure and/or a denial of service attack.



For Debian 10 buster, these problems have been fixed in version 1:1.2.46-1+deb10u3.

We recommend that you upgrade your libapache-mod-jk packages.
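
One way to check a host against this advisory, as an added example that is not part of the original advisory: it compares the installed libapache-mod-jk version with the fixed versions listed above and inspects the permission bits of the shared memory file. The function names and the file path argument are assumptions; pass the path your JkShmFile directive points to.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes dpkg and GNU stat (Debian).

# Fixed versions as listed in the advisory above.
fixed_version() {
    case "$1" in
        jessie) echo '1:1.2.46-0+deb8u3' ;;
        buster) echo '1:1.2.46-1+deb10u3' ;;
        *) return 1 ;;
    esac
}

# 0: FILE is readable or writable by "other" users; 1: it is not;
# 2: FILE cannot be inspected.
shm_exposed_to_others() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    other=${mode#"${mode%?}"}      # last octal digit = "other" bits
    [ $((other & 6)) -ne 0 ]       # 4 = read, 2 = write
}

# audit RELEASE SHMFILE: report package and shared memory file state.
audit() {
    fixed=$(fixed_version "$1") || { echo "unknown release: $1" >&2; return 2; }
    installed=$(dpkg-query -W -f='${Version}' libapache-mod-jk 2>/dev/null) || installed=
    if [ -z "$installed" ]; then
        echo "package: libapache-mod-jk is not installed"
    elif dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "package: $installed includes the fix ($fixed)"
    else
        echo "package: $installed is older than $fixed, upgrade needed"
    fi
    rc=0
    shm_exposed_to_others "$2" || rc=$?
    case "$rc" in
        0) echo "shm: $2 is readable or writable by other local users" ;;
        1) echo "shm: $2 has no read/write bits for other users" ;;
        *) echo "shm: cannot inspect $2" ;;
    esac
}

# Runs only with two arguments, e.g.: sh audit.sh buster /path/to/jk-shm-file
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```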

Further information about Extended LTS security advisories can be found in the dedicated section of our website.