Description
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Remediation
References
Related Vulnerabilities
WordPress Plugin DMCA WaterMarker Cross-Site Scripting (1.0)
Apache HTTP Server Other Vulnerability (CVE-2004-2343)
phpMyAdmin Other Vulnerability (CVE-2005-2869)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.9.1)
Atlassian Jira CVE-2021-26081 Vulnerability (CVE-2021-26081)