CVE-2012-2672

Priority
Description
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext
reference during startup, which allows local users to obtain context
information an access resources from another WAR file by calling the
FacesContext.getCurrentInstance function.
Notes
 ebarretto> According to Debian:
 ebarretto> Only affected in combination with EAP6/AS7 application servers,
 ebarretto> not shipped in Debian
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
More Information

Updated: 2019-03-26 11:14:32 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)