Description

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2012-1010.html

http://rhn.redhat.com/errata/RHSA-2012-1011.html

http://rhn.redhat.com/errata/RHSA-2012-1012.html

http://rhn.redhat.com/errata/RHSA-2012-1052.html

http://rhn.redhat.com/errata/RHSA-2012-1053.html

http://rhn.redhat.com/errata/RHSA-2012-1166.html

http://secunia.com/advisories/49636

https://bugzilla.redhat.com/show_bug.cgi?id=802200

https://community.jboss.org/message/624018

https://issues.jboss.org/browse/MODCLUSTER-253

Related Vulnerabilities

CVE-2023-3315 Vulnerability in maven package org.jenkins-ci.plugins:teamconcert

CVE-2019-1003005 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2019-16562 Vulnerability in maven package org.jenkins-ci.plugins:buildgraph-view

CVE-2019-1003053 Vulnerability in maven package org.jenkins-ci.plugins:hockeyapp

CVE-2019-0193 Vulnerability in maven package org.apache.solr:solr-dataimporthandler

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory