Description
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booking.com Banner Creator Cross-Site Scripting (1.4.2)
Dolibarr Improper Authentication Vulnerability (CVE-2017-8879)
WordPress Plugin Smush Image Compression and Optimization Directory Traversal (2.7.5)
MySQL CVE-2017-3600 Vulnerability (CVE-2017-3600)
Oracle Database Server CVE-2021-2173 Vulnerability (CVE-2021-2173)