CVE-2012-1154

CVSS v2.0 4.3 (Medium)
EPSS 0.55 % (78th)
Affected Products 2
Advisories 1

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Weaknesses: CWE-264 (Permissions, Privileges, and Access Controls)
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-10-22 23:55:05 (12 years ago)
Updated Date: 2012-11-08 05:00:00 (12 years ago)

Affected Products


Configuration #1

  Product                                             CPE23                                                            From  Up To
  Redhat Jboss Enterprise Application Platform 5.1.2  cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2
  Redhat Mod Cluster 1.0.10                           cpe:2.3:a:redhat:mod_cluster:1.0.10
  Redhat Mod Cluster 1.1.0                            cpe:2.3:a:redhat:mod_cluster:1.1.0
  Redhat Mod Cluster 1.1.1                            cpe:2.3:a:redhat:mod_cluster:1.1.1
  Redhat Mod Cluster 1.1.2                            cpe:2.3:a:redhat:mod_cluster:1.1.2
  Redhat Mod Cluster 1.1.3                            cpe:2.3:a:redhat:mod_cluster:1.1.3
  Redhat Mod Cluster 1.1.4                            cpe:2.3:a:redhat:mod_cluster:1.1.4