Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2012-2672
Last Modified 08 Jan 2013 12:02:09
Published 16 Jun 2012 11:41:41
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-2672

Summary

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information and access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Vulnerable Systems

Application

  • Oracle Mojarra 2.1.7


References

MISC - https://issues.jboss.org/browse/JBPAPP-9197

XF - mojarra-facescontext-info-disc(76179)

MLIST - [oss-security] 20120606 Re: CVE request: Mojarra allows deployed web applications to read FacesContext from other applications

MLIST - [oss-security] 20120606 CVE request: Mojarra allows deployed web applications to read FacesContext from other applications

SECUNIA - 49284

CONFIRM - http://java.net/jira/browse/JAVASERVERFACES-2436

SECUNIA - 51607

REDHAT - RHSA-2012:1594

REDHAT - RHSA-2012:1592

REDHAT - RHSA-2012:1591


Last Updated: 27 May 2016 10:56:32