CVE-2012-1094: Information Exposure

March 10, 2020

JBoss AS and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

References

access.redhat.com/security/cve/cve-2012-1094
bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094
nvd.nist.gov/vuln/detail/CVE-2012-1094

Code Behaviors & Features

Detect and mitigate CVE-2012-1094 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →