CVE-2012-1154
First published: Mon Mar 12 2012(Updated: )
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =5.1.2 | |
| Red Hat ModCluster | =1.0.10 | |
| Red Hat ModCluster | =1.1.0 | |
| Red Hat ModCluster | =1.1.1 | |
| Red Hat ModCluster | =1.1.2 | |
| Red Hat ModCluster | =1.1.3 | |
| Red Hat ModCluster | =1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://issues.jboss.org/browse/MODCLUSTER-253
- https://rhn.redhat.com/errata/RHSA-2012-1012.html
- https://rhn.redhat.com/errata/RHSA-2012-1011.html
- https://rhn.redhat.com/errata/RHSA-2012-1010.html
- https://rhn.redhat.com/errata/RHSA-2012-1052.html
- https://rhn.redhat.com/errata/RHSA-2012-1053.html
- https://rhn.redhat.com/errata/RHSA-2012-1166.html
- https://bugzilla.redhat.com/show_bug.cgi?id=802200
- http://rhn.redhat.com/errata/RHSA-2012-1010.html
- http://rhn.redhat.com/errata/RHSA-2012-1011.html
- http://rhn.redhat.com/errata/RHSA-2012-1012.html
- http://rhn.redhat.com/errata/RHSA-2012-1052.html
- http://rhn.redhat.com/errata/RHSA-2012-1053.html
- http://rhn.redhat.com/errata/RHSA-2012-1166.html
- http://secunia.com/advisories/49636
- https://community.jboss.org/message/624018
Frequently Asked Questions
What is the severity of CVE-2012-1154?
CVE-2012-1154 is classified as a high-severity vulnerability that allows unauthorized access to server applications.
How can I fix CVE-2012-1154?
To fix CVE-2012-1154, update your Red Hat JBoss Enterprise Application Platform to version 5.1.2 CP03 or later, or modify the excludedContexts setting appropriately.
What software versions are affected by CVE-2012-1154?
CVE-2012-1154 affects mod_cluster versions 1.0.10 before CP03 and 1.1.x before 1.1.4, as well as JBoss Enterprise Application Platform version 5.1.2.
What are the potential consequences of CVE-2012-1154?
The potential consequences of CVE-2012-1154 include unauthorized access to deployed applications and potential data compromise.
Is CVE-2012-1154 already patched?
Yes, CVE-2012-1154 has been patched in the appropriate versions of the affected software since its discovery.
- collector/redhat-bugzilla
- alias/CVE-2012-1154
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/5.1.2
- canonical/red hat modcluster
- version/red hat modcluster/1.0.10
- version/red hat modcluster/1.1.0
- version/red hat modcluster/1.1.1
- version/red hat modcluster/1.1.2
- version/red hat modcluster/1.1.3
- version/red hat modcluster/1.1.4