Description

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

Remediation

References

CVE-2012-1094

Related Vulnerabilities

Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622)

WordPress Plugin MoolaMojo Cross-Site Scripting (0.7.4.1)

Microsoft SQL Server Other Vulnerability (CVE-2000-0202)

Django Other Vulnerability (CVE-2009-3695)

Moodle Missing Authorization Vulnerability (CVE-2019-10187)

Severity

High

Classification

CVE-2012-1094 CWE-200

Tags

Missing Update Known Vulnerabilities