Description

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2012-1011.html

http://secunia.com/advisories/49636

http://rhn.redhat.com/errata/RHSA-2012-1053.html

http://rhn.redhat.com/errata/RHSA-2012-1010.html

http://rhn.redhat.com/errata/RHSA-2012-1166.html

https://issues.jboss.org/browse/MODCLUSTER-253

https://community.jboss.org/message/624018

http://rhn.redhat.com/errata/RHSA-2012-1052.html

https://bugzilla.redhat.com/show_bug.cgi?id=802200

http://rhn.redhat.com/errata/RHSA-2012-1012.html

Related Vulnerabilities

CVE-2023-30517 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2013-3827 Vulnerability in maven package com.sun.faces:jsf-impl

CVE-2023-29020 Vulnerability in npm package @fastify/passport

CVE-2020-2259 Vulnerability in maven package org.jenkins-ci.plugins:computer-queue-plugin

CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-broker

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory