Lucene search

Mod Cluster Security Vulnerabilities

cve

CVE-2012-1154

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed ...

6.7AI Score

0.005EPSS

2012-10-22 11:55 PM

cve

CVE-2015-0298

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.

5.9AI Score

0.002EPSS

2015-08-24 02:59 PM

cve

CVE-2016-4459

Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.

7.5CVSS

6.5AI Score

0.023EPSS

2017-04-12 08:59 PM

cve

CVE-2019-14857

A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.

6.1CVSS

6.4AI Score

0.002EPSS

2019-11-26 12:15 PM

147