Description

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

Remediation

References

CVE-2012-1094

Related Vulnerabilities

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4053)

Wordpress Plugin Backup Migration CVE-2023-6553 Vulnerability (CVE-2023-6553)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Cross-Site Scripting (2.7.0)

WordPress Plugin Quick Paypal Payments Multiple Vulnerabilities (5.7.25)

Drupal Improper Input Validation Vulnerability (CVE-2016-9452)

Severity

High

Classification

CVE-2012-1094 CWE-200

Tags

Missing Update Known Vulnerabilities