CVE-2012-2672
EPSS 0.06%
Description
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information and access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
How to fix CVE-2012-2672
To remediate CVE-2012-2672, upgrade the affected package to one of the fixed versions listed below.
- Debian/mojarra: upgrade to 2.2.8-1 or later
Is CVE-2012-2672 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.8-1