Lucene search

K

Ubuntu.comUB:CVE-2012-2672

HistoryJun 17, 2012 - 12:00 a.m.

CVE-2012-2672

2012-06-1700:00:00

ubuntu.com

ubuntu.com

9

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.3%

Oracle Mojarra 2.1.7 does not properly “clean up” the FacesContext
reference during startup, which allows local users to obtain context
information an access resources from another WAR file by calling the
FacesContext.getCurrentInstance function.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677194>

Notes

Author	Note
ebarretto	According to Debian: Only affected in combination with EAP6/AS7 application servers, not shipped in Debian

References

java.net/jira/browse/JAVASERVERFACES-2436

secunia.com/advisories/49284

www.openwall.com/lists/oss-security/2012/06/07/2

www.openwall.com/lists/oss-security/2012/06/07/3

xforce.iss.net/xforce/xfdb/76179

issues.jboss.org/browse/JBPAPP-9197

launchpad.net/bugs/cve/CVE-2012-2672

nvd.nist.gov/vuln/detail/CVE-2012-2672

security-tracker.debian.org/tracker/CVE-2012-2672

www.cve.org/CVERecord?id=CVE-2012-2672

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.3%

Related for UB:CVE-2012-2672

cve1 prion1 debiancve1 veracode4 nessus2 redhat3