Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-be2x-k5w6-fybd

Summary Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

Aliases

alias	CVE-2024-46544

Fixed_packages

url	pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%252Bdeb12u2

url	pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libapache-mod-jk@1:1.2.50-1?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.50-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.50-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-f5mx-3ftb-ykhz

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

vulnerability	VCID-wcfh-wsfa-3ufv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1

url pkg:deb/debian/libapache-mod-jk@1:1.2.18-3

purl pkg:deb/debian/libapache-mod-jk@1:1.2.18-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-f5mx-3ftb-ykhz

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

vulnerability	VCID-wcfh-wsfa-3ufv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.18-3

url pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2

purl pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-f5mx-3ftb-ykhz

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

vulnerability	VCID-wcfh-wsfa-3ufv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2

url pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%2Blenny1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%252Blenny1

url pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1

url pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2

purl pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2

url pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%2Bdeb7u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%252Bdeb7u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.37-4

purl pkg:deb/debian/libapache-mod-jk@1:1.2.37-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-4

url pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%2Bdeb8u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%252Bdeb8u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%252Bdeb9u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%2Bdeb10u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%252Bdeb10u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%252Bdeb11u1

url pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.50-3.redhat_1?arch=el8jbcs

purl pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.50-3.redhat_1?arch=el8jbcs

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.50-3.redhat_1%3Farch=el8jbcs

url pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.50-3.redhat_1?arch=el7jbcs

purl pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.50-3.redhat_1?arch=el7jbcs

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.50-3.redhat_1%3Farch=el7jbcs

url pkg:rpm/redhat/mod_jk@1.2.50-1.el9_0?arch=1

purl pkg:rpm/redhat/mod_jk@1.2.50-1.el9_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_jk@1.2.50-1.el9_0%3Farch=1

url pkg:rpm/redhat/mod_jk@1.2.50-1.el9_2?arch=1

purl pkg:rpm/redhat/mod_jk@1.2.50-1.el9_2?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_jk@1.2.50-1.el9_2%3Farch=1

url pkg:rpm/redhat/mod_jk@1.2.50-1.el9_4?arch=1

purl pkg:rpm/redhat/mod_jk@1.2.50-1.el9_4?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_jk@1.2.50-1.el9_4%3Farch=1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46544.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46544.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-46544

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11965
published_at	2026-06-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1208
published_at	2026-06-05T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.12077
published_at	2026-06-06T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1204
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-46544

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46544
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46544

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082713
reference_id	1082713
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082713

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2314194
reference_id	2314194
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2314194

reference_url

https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d

reference_id

q1gp7cc38hs1r8gj8gfnopwznd5fpr4d

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T17:36:05Z/

url

https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d

reference_url	https://access.redhat.com/errata/RHSA-2024:6927
reference_id	RHSA-2024:6927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6927

reference_url	https://access.redhat.com/errata/RHSA-2024:6928
reference_id	RHSA-2024:6928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6928

reference_url	https://access.redhat.com/errata/RHSA-2024:7457
reference_id	RHSA-2024:7457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7457

reference_url	https://access.redhat.com/errata/RHSA-2024:8928
reference_id	RHSA-2024:8928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8928

reference_url	https://access.redhat.com/errata/RHSA-2024:8929
reference_id	RHSA-2024:8929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8929

reference_url	https://usn.ubuntu.com/8369-1/
reference_id	USN-8369-1
reference_type
scores
url	https://usn.ubuntu.com/8369-1/

Weaknesses

cwe_id	276
name	Incorrect Default Permissions
description	During installation, installed file permissions are set to allow anyone to modify those files.

Exploits

Severity_range_score 5.9 - 6.1

Exploitability 0.5

Weighted_severity 5.3

Risk_score 2.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be2x-k5w6-fybd

Vulnerability Instance