CVE-2012-1154
Last modified
CVE-2012-1154 is a vulnerability of currently unknown severity. mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.. EPSS estimates a 2.59% chance of exploitation in the next 30 days.
Description
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 5.1.2 |
| Redhat | Mod Cluster | 1.0.10 |
| Redhat | Mod Cluster | 1.1.0 |
| Redhat | Mod Cluster | 1.1.1 |
| Redhat | Mod Cluster | 1.1.2 |
| Redhat | Mod Cluster | 1.1.3 |
| Redhat | Mod Cluster | 1.1.4 |
References
- http://secunia.com/advisories/49636Vendor Advisory
- http://secunia.com/advisories/49636Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-1154?
How severe is CVE-2012-1154?
How do I fix CVE-2012-1154?
Are you affected by CVE-2012-1154?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST