Description

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

Remediation

References

CVE-2012-1094

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668)

Apache HTTP Server Off-by-one Error Vulnerability (CVE-2005-1268)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2011-2483)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10352)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.8)

Severity

High

Classification

CVE-2012-1094 CWE-200

Tags

Missing Update Known Vulnerabilities