Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-17T01:00:00

Updated: 2024-08-06T19:42:31.886Z

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2672

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-06-17T03:41:41.577

Modified: 2024-11-21T01:39:25.000

Link: CVE-2012-2672

cve-icon Redhat

Severity : Low

Publid Date: 2012-06-01T00:00:00Z

Links: CVE-2012-2672 - Bugzilla