Moderate severityNVD Advisory· Published Oct 22, 2012· Updated Jun 16, 2026
CVE-2012-1154
CVE-2012-1154
Description
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jboss.mod_cluster:mod_clusterMaven | >= 1.1.0, < 1.1.4 | 1.1.4 |
Affected products
8- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:mod_cluster:1.0.10:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:redhat:mod_cluster:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.4:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
12- secunia.com/advisories/49636nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-v2fp-h4qx-x3r6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1154ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2012-1010.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1011.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1012.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1052.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1053.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1166.htmlnvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- community.jboss.org/message/624018nvdWEB
- issues.jboss.org/browse/MODCLUSTER-253nvdWEB
News mentions
0No linked articles in our index yet.