Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-06-17T01:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-05-14T00:00:00
Link: CVE-2012-2672
JSON object: View
NVD Information
Status : Modified
Published: 2012-06-17T03:41:41.577
Modified: 2017-08-29T01:31:38.960
Link: CVE-2012-2672
JSON object: View
Redhat Information
No data.
CWE