PT-2020-7176 · Red Hat · Jboss As 7

David Jorm

Published

2020-03-10

Updated

2022-04-23

CVE-2012-1094

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions JBoss AS 7 versions prior to 7.1.1

Description The issue arises from the different handling of default hostname by JBoss AS 7 and mod cluster, leading to a mismatch in the excluded-contexts list and potentially exposing the root context.

Recommendations For JBoss AS 7 versions prior to 7.1.1, update to version 7.1.1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-1094

GHSA-WQ8G-HM94-5RQQ

Affected Products

Jboss As 7

PT-2020-7176 · Red Hat · Jboss As 7

CVE-2012-1094

Weakness Enumeration

Related Identifiers

Affected Products

References · 6