Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-1154
Last Modified 08 Nov 2012 12:00:00
Published 22 Oct 2012 07:55:05
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1154

Summary

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Vulnerable Systems

Application

  • Redhat Jboss Enterprise Application Platform 5.1.2

  • Redhat Mod Cluster 1.0.10

  • Redhat Mod Cluster 1.1.0

  • Redhat Mod Cluster 1.1.1

  • Redhat Mod Cluster 1.1.2

  • Redhat Mod Cluster 1.1.3

  • Redhat Mod Cluster 1.1.4


References

CONFIRM - https://issues.jboss.org/browse/MODCLUSTER-253

CONFIRM - https://community.jboss.org/message/624018

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=802200

SECUNIA - 49636

REDHAT - RHSA-2012:1166

REDHAT - RHSA-2012:1053

REDHAT - RHSA-2012:1052

REDHAT - RHSA-2012:1012

REDHAT - RHSA-2012:1011

REDHAT - RHSA-2012:1010


Last Updated: 27 May 2016 10:53:42