CVE-2012-1154
Improper Access Control in JBoss mod_cluster
EPSS 0.33%
Description
mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors.
How to fix CVE-2012-1154
To remediate CVE-2012-1154, upgrade the affected package to a fixed version below.
- Maven/org.jboss.mod_cluster:mod_cluster: upgrade to 1.1.4 or later
Is CVE-2012-1154 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.jboss.mod_cluster:mod_cluster: >= 1.1.0, < 1.1.4