Lucene search

K

[email protected]NVD:CVE-2012-2672

HistoryJun 17, 2012 - 3:41 a.m.

CVE-2012-2672

2012-06-1703:41:41

[email protected]

web.nvd.nist.gov

1

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

Oracle Mojarra 2.1.7 does not properly “clean up” the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Affected configurations

NVD

Node

oraclemojarraMatch2.1.7

References

java.net/jira/browse/JAVASERVERFACES-2436

rhn.redhat.com/errata/RHSA-2012-1591.html

rhn.redhat.com/errata/RHSA-2012-1592.html

rhn.redhat.com/errata/RHSA-2012-1594.html

secunia.com/advisories/49284

secunia.com/advisories/51607

www.openwall.com/lists/oss-security/2012/06/07/2

www.openwall.com/lists/oss-security/2012/06/07/3

exchange.xforce.ibmcloud.com/vulnerabilities/76179

issues.jboss.org/browse/JBPAPP-9197

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

Related for NVD:CVE-2012-2672

prion1 cve1 debiancve1 ubuntucve1 cvelist1 nessus2 redhat3 veracode4