GHSA-wq8g-hm94-5rqq

Suggest an improvement
Source
https://github.com/advisories/GHSA-wq8g-hm94-5rqq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-wq8g-hm94-5rqq/GHSA-wq8g-hm94-5rqq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wq8g-hm94-5rqq
Aliases
  • CVE-2012-1094
Published
2022-04-23T00:40:48Z
Modified
2023-11-01T04:44:40.269413Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
JBoss AS may expose root content if excluded-contexts list is mismatched
Details

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

Database specific
{
    "nvd_published_at": "2020-03-10T17:15:00Z",
    "github_reviewed_at": "2022-11-22T19:02:55Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Maven / org.jboss.as:jboss-as-server

Package

Name
org.jboss.as:jboss-as-server
View open source insights on deps.dev
Purl
pkg:maven/org.jboss.as/jboss-as-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0.Alpha1
Fixed
7.1.1.Final

Affected versions

7.*

7.0.0.Alpha1
7.0.0.Beta1
7.0.0.Beta2
7.0.0.Beta3
7.0.0.CR1
7.0.0.Final
7.0.1.Final
7.0.2.Final
7.1.0.Beta1
7.1.0.Beta1b
7.1.0.CR1
7.1.0.CR1b
7.1.0.Final