Bug 802200 - (CVE-2012-1154) CVE-2012-1154 mod_cluster registers and exposes the root context of a server by default, despite ROOT being in the excluded-contexts list
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20110831,repor...
: Security
Depends On: 806139 806140 806141
Blocks: 802216 807573
Reported: 2012-03-11 23:34 EDT by David Jorm
Modified: 2014-10-20 20:02 EDT
Doc Type: Bug Fix
Last Closed: 2012-08-13 21:15:37 EDT
Description David Jorm 2012-03-11 23:34:05 EDT
mod_cluster 1.0.10 CP02 and 1.1.3 registers and exposes the root context of a server by default, despite ROOT being in the excludedContexts list. This is due to a regression that bypassed context filtering for the root context, causing the root context to be enabled inadvertently. This flaw is fixed in mod_cluster 1.0.10 CP03 and 1.1.4.
Comment 1 David Jorm 2012-03-12 02:57:27 EDT
The following products are affected by this flaw:

JBoss Enterprise Web Server 1.0.2
JBoss Enterprise Application Platform 5.1.2
JBoss Enterprise Web Platform 5.1.2
JBoss Communications Platform 5.1.3
Comment 2 David Jorm 2012-03-12 21:52:42 EDT
Upstream bug report:

https://issues.jboss.org/browse/MODCLUSTER-253
Comment 4 errata-xmlrpc 2012-06-19 15:24:23 EDT
This issue has been addressed in the following products:

  JBoss Enterprise Web Server 1.0.2

Via RHSA-2012:1012 https://rhn.redhat.com/errata/RHSA-2012-1012.html
Comment 5 errata-xmlrpc 2012-06-19 15:24:55 EDT
This issue has been addressed in the following products:

  JBoss Enterprise Web Platform 5.1.2

Via RHSA-2012:1011 https://rhn.redhat.com/errata/RHSA-2012-1011.html
Comment 6 errata-xmlrpc 2012-06-19 15:25:27 EDT
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2012:1010 https://rhn.redhat.com/errata/RHSA-2012-1010.html
Comment 7 errata-xmlrpc 2012-07-03 05:01:13 EDT
This issue has been addressed in the following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 6

Via RHSA-2012:1052 https://rhn.redhat.com/errata/RHSA-2012-1052.html
Comment 8 errata-xmlrpc 2012-07-03 05:10:05 EDT
This issue has been addressed in the following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6

Via RHSA-2012:1053 https://rhn.redhat.com/errata/RHSA-2012-1053.html
Comment 9 errata-xmlrpc 2012-08-13 11:58:23 EDT
This issue has been addressed in the following products:

  JBEWS 1.0 for RHEL 5
  JBEWS 1.0 for RHEL 6

Via RHSA-2012:1166 https://rhn.redhat.com/errata/RHSA-2012-1166.html