CVE-2012-2672
Mojarra: deployed web applications can read FacesContext from other applications under certain conditions
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
Oracle Mojarra v2.1.7 no realiza adecuadamente la limpieza de la referencia FacesContext durante el inicio, lo que permite a los usuarios locales obtener mediante informaciĆ³n de contexto un acceso a los recursos de otro archivo WAR llamando a la funciĆ³n FacesContext.getCurrentInstance.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-05-14 CVE Reserved
- 2012-06-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/51607 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2012/06/07/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/06/07/3 | Mailing List |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/76179 | Vdb Entry | |
| https://issues.jboss.org/browse/JBPAPP-9197 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| http://java.net/jira/browse/JAVASERVERFACES-2436 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1591.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2012-1592.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2012-1594.html | 2017-08-29 | |
| http://secunia.com/advisories/49284 | 2017-08-29 | |
| https://access.redhat.com/security/cve/CVE-2012-2672 | 2012-12-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=829560 | 2012-12-18 |