Redhat: >> Jboss Application Server >> 7.1.0 Security Vulnerabilities
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-03-10
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-12-18