JBoss Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1094)
Description
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.