DEBIAN-CVE-2012-2672

DEBIAN-CVE-2012-2672 PUBLISHED CVSS 8.600000381469727 HIGH

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian	mojarra
Debian:13	mojarra	0, 0, 0
Debian:11	mojarra	0, 0, 0
Debian:14	mojarra	0, 0, 0
Debian:12	mojarra	0, 0, 0

Timeline

Jun 17, 2012 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2012-2672 advisory

Open in Interactive Console →