Home > Vulnerability Database > CVE-2012-2672

Mend.io Vulnerability Database

CVE-2012-2672

Good to know:

Date: June 16, 2012

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Language: Java

Severity Score

4.0

Related Resources (12)

Url: http://www.openwall.com/lists/oss-security/2012/06/07/2

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/76179

Url: http://java.net/jira/browse/JAVASERVERFACES-2436

Url: http://secunia.com/advisories/49284

Url: http://secunia.com/advisories/51607

Url: http://www.openwall.com/lists/oss-security/2012/06/07/3

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-2672

Url: http://rhn.redhat.com/errata/RHSA-2012-1594.html

Url: http://rhn.redhat.com/errata/RHSA-2012-1592.html

Url: http://rhn.redhat.com/errata/RHSA-2012-1591.html

Url: https://issues.jboss.org/browse/JBPAPP-9197

Url: https://www.mend.io/vulnerability-database/CVE-2012-2672

Severity Score

4.0

Top Fix

Upgrade Version

Upgrade to version 2.1.11,2.2-m05

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-2672

Good to know:

Date: June 16, 2012

Language: Java

Severity Score

Related Resources (12)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?