GHSA-v2fp-h4qx-x3r6

Suggest an improvement
Source
https://github.com/advisories/GHSA-v2fp-h4qx-x3r6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2fp-h4qx-x3r6/GHSA-v2fp-h4qx-x3r6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-v2fp-h4qx-x3r6
Aliases
  • CVE-2012-1154
Published
2022-05-17T05:18:47Z
Modified
2024-11-28T05:45:52.158994Z
Summary
Improper Access Control in JBoss mod_cluster
Details

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

Database specific
{
    "nvd_published_at": "2012-10-22T23:55:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T22:26:52Z"
}
References

Affected packages

Maven / org.jboss.mod_cluster:mod_cluster

Package

Name
org.jboss.mod_cluster:mod_cluster
View open source insights on deps.dev
Purl
pkg:maven/org.jboss.mod_cluster/mod_cluster

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.1.4

Affected versions

1.*

1.1.0.Final
1.1.2.Final
1.1.3.Final