V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2012-1154
DEB
Medium

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to…

CVSS
4.3
Medium
EPSS
0.03
p83
Published
2012-01-01
Updated
2012-01-01
Description

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Tags · CWE
CWE-264
Affected products
Jboss_enterprise_application_platformMod_cluster
CVSS vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Timeline
2012-01-01
Published
2012-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.026 · p83
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
libapache2-mod-clusterTracked
mod_clusterTracked
mod_clusterTracked
mod_clusterTracked
mod_clusterTracked
mod_clusterTracked
mod_clusterTracked
mod_clusterTracked
jboss_enterprise_application_platform*Tracked
mod_cluster*Tracked
Source databases
DEB
CVE
RED