4.3

CVE-2012-1154

EPSS 0.34%
Published 22.10.2012 23:55:05
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version5.1.2

Redhat ≫ Mod Cluster Version1.0.10

Redhat ≫ Mod Cluster Version1.1.0

Redhat ≫ Mod Cluster Version1.1.1

Redhat ≫ Mod Cluster Version1.1.2

Redhat ≫ Mod Cluster Version1.1.3

Redhat ≫ Mod Cluster Version1.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.556

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://rhn.redhat.com/errata/RHSA-2012-1010.html

http://rhn.redhat.com/errata/RHSA-2012-1011.html

http://rhn.redhat.com/errata/RHSA-2012-1012.html

http://rhn.redhat.com/errata/RHSA-2012-1052.html

http://rhn.redhat.com/errata/RHSA-2012-1053.html

http://rhn.redhat.com/errata/RHSA-2012-1166.html

http://secunia.com/advisories/49636

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=802200

https://community.jboss.org/message/624018

https://issues.jboss.org/browse/MODCLUSTER-253

https://nvd.nist.gov/vuln/detail/CVE-2012-1154

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1154

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1154

EUVD