CVE-2012-1154 – org.jboss.mod_cluster:mod_cluster
Package
Manager: maven
Name: org.jboss.mod_cluster:mod_cluster
Vulnerable Version: >=1.1.0 <1.1.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00335 (percentile 0.55671)
Details
Improper Access Control in JBoss mod_cluster. mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
Metadata
Created: 2022-05-17T05:18:47Z
Modified: 2022-11-01T22:26:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2fp-h4qx-x3r6/GHSA-v2fp-h4qx-x3r6.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-v2fp-h4qx-x3r6
Finding: F039
Auto approve: 1