VYPR
Moderate severityNVD Advisory· Published Oct 22, 2012· Updated Jun 16, 2026

CVE-2012-1154

CVE-2012-1154

Description

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jboss.mod_cluster:mod_clusterMaven
>= 1.1.0, < 1.1.41.1.4

Affected products

8
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:mod_cluster:1.0.10:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:redhat:mod_cluster:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:mod_cluster:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:mod_cluster:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:mod_cluster:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:mod_cluster:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:mod_cluster:1.1.4:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.1.0, < 1.1.4

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.