Moderate severityNVD Advisory· Published Oct 22, 2012· Updated Apr 29, 2026
CVE-2012-1154
CVE-2012-1154
Description
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jboss.mod_cluster:mod_clusterMaven | >= 1.1.0, < 1.1.4 | 1.1.4 |
Affected products
7- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:mod_cluster:1.0.10:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:redhat:mod_cluster:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mod_cluster:1.1.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- secunia.com/advisories/49636nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-v2fp-h4qx-x3r6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1154ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2012-1010.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1011.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1012.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1052.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1053.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2012-1166.htmlnvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- community.jboss.org/message/624018nvdWEB
- issues.jboss.org/browse/MODCLUSTER-253nvdWEB
News mentions
0No linked articles in our index yet.