CVE-2012-1154

2012-10-2223:55:05

CWE-264

[email protected]

web.nvd.nist.gov

mod_cluster

cve-2012-1154

jboss

nvd

access restrictions

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when “ROOT” is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Affected configurations

NVD

Node

redhatjboss_enterprise_application_platformMatch5.1.2

redhatmod_clusterMatch1.0.10

redhatmod_clusterMatch1.1.0

redhatmod_clusterMatch1.1.1

redhatmod_clusterMatch1.1.2

redhatmod_clusterMatch1.1.3

redhatmod_clusterMatch1.1.4

CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq5.1.2
redhat:mod_clusterredhat mod clustereq1.0.10
redhat:mod_clusterredhat mod clustereq1.1.0
redhat:mod_clusterredhat mod clustereq1.1.1
redhat:mod_clusterredhat mod clustereq1.1.2
redhat:mod_clusterredhat mod clustereq1.1.3
redhat:mod_clusterredhat mod clustereq1.1.4

CPE	Name	Operator	Version
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	5.1.2
redhat:mod_cluster	redhat mod cluster	eq	1.0.10
redhat:mod_cluster	redhat mod cluster	eq	1.1.0
redhat:mod_cluster	redhat mod cluster	eq	1.1.1
redhat:mod_cluster	redhat mod cluster	eq	1.1.2
redhat:mod_cluster	redhat mod cluster	eq	1.1.3
redhat:mod_cluster	redhat mod cluster	eq	1.1.4