Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2672

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Published

2012-06-17T03:41:41.577

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.1 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	mojarra	2.1.7	Yes

References

http://java.net/jira/browse/JAVASERVERFACES-2436 Exploit ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-1591.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-1592.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-1594.html ([email protected])
http://secunia.com/advisories/49284 Vendor Advisory ([email protected])
http://secunia.com/advisories/51607 ([email protected])
http://www.openwall.com/lists/oss-security/2012/06/07/2 ([email protected])
http://www.openwall.com/lists/oss-security/2012/06/07/3 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/76179 ([email protected])
https://issues.jboss.org/browse/JBPAPP-9197 ([email protected])
http://java.net/jira/browse/JAVASERVERFACES-2436 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-1591.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-1592.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-1594.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/49284 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51607 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/06/07/2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/06/07/3 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76179 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.jboss.org/browse/JBPAPP-9197 (af854a3a-2127-422b-91ae-364da2661108)