Description
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Remediation
References
Related Vulnerabilities
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)
WordPress Plugin Markdown on Save Improved Cross-Site Scripting (2.5)
WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)
Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)