Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1154)

Description

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Remediation

References

Related Vulnerabilities

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5608)

MySQL CVE-2021-2006 Vulnerability (CVE-2021-2006)

Oracle Database Server CVE-2006-0261 Vulnerability (CVE-2006-0261)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5899)

Severity

Medium

Classification

CVE-2012-1154 CWE-264

Tags

Missing Update Known Vulnerabilities