Apache Tomcat Connectors: Schwachstelle ermöglicht Denial of Service
CVE-2024-46544 is a vulnerability in the Apache Tomcat Connectors mod_jk module prior to version 1. 2. 50. This flaw can lead to information disclosure and denial of service (DoS) conditions. The vulnerability affects mod_jk versions before 1. 2. 50 and has been addressed in the upstream 1. 2. 50 release. Red Hat has issued security advisories providing updated mod_jk packages that fix this issue for various Red Hat Enterprise Linux versions.
AI Analysis
Technical Summary
The Apache Tomcat Connectors mod_jk module, which enables communication between the Apache HTTP Server and the Apache Tomcat servlet engine, contains a vulnerability identified as CVE-2024-46544. This vulnerability allows for information disclosure and denial of service attacks. The issue affects mod_jk versions prior to 1.2.50. Red Hat advisories RHSA-2024:7457 and RHSA-2024:8928 confirm that the vulnerability is fixed by rebasing to the upstream 1.2.50 release. Updated packages are available for Red Hat Enterprise Linux 9.x and related variants. The advisories classify the severity as Moderate and provide instructions for applying the updates.
Potential Impact
Successful exploitation of this vulnerability could result in unauthorized information disclosure and denial of service conditions affecting the Apache Tomcat Connectors mod_jk module. This could disrupt communication between the Apache HTTP Server and the Tomcat servlet engine, potentially impacting web application availability and confidentiality. There are no reports of active exploitation in the wild.
Mitigation Recommendations
A fix is available and has been released as part of the upstream mod_jk 1.2.50 update. Red Hat has provided updated mod_jk packages for Red Hat Enterprise Linux 9.x and related distributions. Users should apply these official updates promptly to remediate the vulnerability. For detailed update instructions, refer to Red Hat's advisory and article at https://access.redhat.com/articles/11258. No additional mitigation actions are indicated by the vendor advisory.
Apache Tomcat Connectors: Schwachstelle ermöglicht Denial of Service
Description
CVE-2024-46544 is a vulnerability in the Apache Tomcat Connectors mod_jk module prior to version 1. 2. 50. This flaw can lead to information disclosure and denial of service (DoS) conditions. The vulnerability affects mod_jk versions before 1. 2. 50 and has been addressed in the upstream 1. 2. 50 release. Red Hat has issued security advisories providing updated mod_jk packages that fix this issue for various Red Hat Enterprise Linux versions.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Apache Tomcat Connectors mod_jk module, which enables communication between the Apache HTTP Server and the Apache Tomcat servlet engine, contains a vulnerability identified as CVE-2024-46544. This vulnerability allows for information disclosure and denial of service attacks. The issue affects mod_jk versions prior to 1.2.50. Red Hat advisories RHSA-2024:7457 and RHSA-2024:8928 confirm that the vulnerability is fixed by rebasing to the upstream 1.2.50 release. Updated packages are available for Red Hat Enterprise Linux 9.x and related variants. The advisories classify the severity as Moderate and provide instructions for applying the updates.
Potential Impact
Successful exploitation of this vulnerability could result in unauthorized information disclosure and denial of service conditions affecting the Apache Tomcat Connectors mod_jk module. This could disrupt communication between the Apache HTTP Server and the Tomcat servlet engine, potentially impacting web application availability and confidentiality. There are no reports of active exploitation in the wild.
Mitigation Recommendations
A fix is available and has been released as part of the upstream mod_jk 1.2.50 update. Red Hat has provided updated mod_jk packages for Red Hat Enterprise Linux 9.x and related distributions. Users should apply these official updates promptly to remediate the vulnerability. For detailed update instructions, refer to Red Hat's advisory and article at https://access.redhat.com/articles/11258. No additional mitigation actions are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_base
- Csaf Version
- 2.0
- Publisher
- Bundesamt für Sicherheit in der Informationstechnik
- Advisory Id
- WID-SEC-W-2024-2205
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a209864e29bf47b50ec128a
Added to database: 6/3/2026, 9:11:00 PM
Last enriched: 6/3/2026, 9:24:27 PM
Last updated: 6/3/2026, 10:28:21 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.