Description
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Report
Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.1. It does not affect components shipped with any Red Hat products.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Not affected | | |
Additional information
Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=798841
mod_cluster registers and exposes the root context of a JBoss AS 7 server by default, despite ROOT being in the excluded-contexts list
EPSS
Percentile: 46%
0.00235
Low
5 Medium
CVSS2
Related vulnerabilities
CVSS3: 7.5
nvd
almost 6 years ago
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
CVSS3: 7.5
debian
almost 6 years ago
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...
CVSS3: 7.5
github
almost 4 years ago
JBoss AS may expose root content if excluded-contexts list is mismatched