CVE-2012-2672

Currently unrated

Key Information:

Vendor: Oracle
Status: Mojarra
Vendor: CVE Published:; 17 June 2012

Summary

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

References

https://issues.jboss.org/browse/JBPAPP-9197

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2012-1594.html

vendor-advisoryx_refsource_REDHAT

https://exchange.xforce.ibmcloud.com/vulnerabilities/76179

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 17, 2012
Vulnerability Reserved
May 14, 2012