Lucene search
PRIOn knowledge basePRION:CVE-2012-1154HistoryOct 22, 2012 - 11:55 p.m.
Authentication flaw
2012-10-2223:55:00
PRIOn knowledge base
www.prio-n.com
2
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when “ROOT” is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jboss_enterprise_application_platform | eq | 5.1.2 | |
| mod_cluster | eq | 1.1.0 | |
| mod_cluster | eq | 1.0.10 | |
| mod_cluster | eq | 1.1.4 | |
| mod_cluster | eq | 1.1.3 | |
| mod_cluster | eq | 1.1.2 | |
| mod_cluster | eq | 1.1.1 |
References
rhn.redhat.com/errata/RHSA-2012-1010.html
rhn.redhat.com/errata/RHSA-2012-1011.html
rhn.redhat.com/errata/RHSA-2012-1012.html
rhn.redhat.com/errata/RHSA-2012-1052.html
rhn.redhat.com/errata/RHSA-2012-1053.html
rhn.redhat.com/errata/RHSA-2012-1166.html
secunia.com/advisories/49636
bugzilla.redhat.com/show_bug.cgi?id=802200
community.jboss.org/message/624018
issues.jboss.org/browse/MODCLUSTER-253
Related
redhat
redhat
(RHSA-2012:1166) Moderate: mod_cluster security update
2012-08-13 00:00:00
(RHSA-2012:1052) Moderate: mod_cluster security update
2012-07-03 00:00:00
(RHSA-2012:1053) Moderate: mod_cluster security update
2012-07-03 00:00:00
cvelist
cvelist
CVE-2012-1154
2012-10-22 23:00:00
nessus
nessus
RHEL 5 / 6 : mod_cluster (RHSA-2012:1052)
2013-01-24 00:00:00
RHEL 5 / 6 : mod_cluster (RHSA-2012:1053)
2024-04-21 00:00:00
RHEL 5 / 6 : mod_cluster (RHSA-2012:1166)
2014-11-08 00:00:00
nvd
nvd
CVE-2012-1154
2012-10-22 23:55:05
veracode
veracode
Privilege Escalation
2019-01-15 08:53:53
cve
cve
CVE-2012-1154
2012-10-22 23:55:05
osv
osv
Improper Access Control in JBoss mod_cluster
2022-05-17 05:18:47
github
github
Improper Access Control in JBoss mod_cluster
2022-05-17 05:18:47