Mojarra Vulnerable Due to Improper Cleanup of FacesContext Reference
CVE-2012-2672
Currently unrated
Summary
Oracle Mojarra 2.1.7 does not properly clean up the FacesContext reference during initialization. Local users can obtain sensitive context information and, through the FacesContext.getCurrentInstance method, access resources that belong to other deployed web applications. An attacker could therefore potentially read or manipulate data across distinct WAR files, which is a significant security risk for applications running this version of Mojarra.