Description

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

Remediation

References

CVE-2012-1094

Related Vulnerabilities

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)

WordPress Plugin Markdown on Save Improved Cross-Site Scripting (2.5)

WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)

Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)

Severity

High

Classification

CVE-2012-1094 CWE-200

Tags

Missing Update Known Vulnerabilities