4.3

CVE-2012-1154

EPSS 0.26%
Veröffentlicht 22.10.2012 23:55:05
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version5.1.2

Redhat ≫ Mod Cluster Version1.0.10

Redhat ≫ Mod Cluster Version1.1.0

Redhat ≫ Mod Cluster Version1.1.1

Redhat ≫ Mod Cluster Version1.1.2

Redhat ≫ Mod Cluster Version1.1.3

Redhat ≫ Mod Cluster Version1.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.491

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://rhn.redhat.com/errata/RHSA-2012-1010.html

http://rhn.redhat.com/errata/RHSA-2012-1011.html

http://rhn.redhat.com/errata/RHSA-2012-1012.html

http://rhn.redhat.com/errata/RHSA-2012-1052.html

http://rhn.redhat.com/errata/RHSA-2012-1053.html

http://rhn.redhat.com/errata/RHSA-2012-1166.html

http://secunia.com/advisories/49636

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=802200

https://community.jboss.org/message/624018

https://issues.jboss.org/browse/MODCLUSTER-253

https://nvd.nist.gov/vuln/detail/CVE-2012-1154

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1154

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1154

EUVD