CVE-2012-1154

Date: (C)2012-10-23   (M)2023-12-22


mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-49636
RHSA-2012:1010
RHSA-2012:1011
RHSA-2012:1012
RHSA-2012:1052
RHSA-2012:1053
RHSA-2012:1166
https://bugzilla.redhat.com/show_bug.cgi?id=802200
https://community.jboss.org/message/624018
https://issues.jboss.org/browse/MODCLUSTER-253

CPE    1
cpe:/a:redhat:jboss_enterprise_application_platform:5.1.2
CWE    1
CWE-264

© SecPod Technologies