CVE-2012-2672

Published: Jun 17, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://issues.jboss.org/browse/JBPAPP-9197

x_refsource_MISC

RHSA-2012:1594

vendor-advisory

x_refsource_REDHAT

mojarra-facescontext-info-disc(76179)

vdb-entry

x_refsource_XF

49284

third-party-advisory

x_refsource_SECUNIA

51607

third-party-advisory

x_refsource_SECUNIA

RHSA-2012:1592

vendor-advisory

x_refsource_REDHAT

RHSA-2012:1591

vendor-advisory

x_refsource_REDHAT

http://java.net/jira/browse/JAVASERVERFACES-2436

x_refsource_CONFIRM

[oss-security] 20120606 CVE request: Mojarra allows deployed web applications to read FacesContext from other applications

mailing-list

x_refsource_MLIST

[oss-security] 20120606 Re: CVE request: Mojarra allows deployed web applications to read FacesContext from other applications

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-2672

Description

Affected Products

References