Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2012-2672

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.

Published: Jun 17, 2012
Updated: Nov 9, 2025
CVE: CVE-2012-2672
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / mojarra	2.1.7	2.1.7.x

http://java.net/jira/browse/JAVASERVERFACES-2436
http://rhn.redhat.com/errata/RHSA-2012-1591.html
http://rhn.redhat.com/errata/RHSA-2012-1592.html
http://rhn.redhat.com/errata/RHSA-2012-1594.html
http://secunia.com/advisories/49284
http://secunia.com/advisories/51607
http://www.openwall.com/lists/oss-security/2012/06/07/2
http://www.openwall.com/lists/oss-security/2012/06/07/3
https://exchange.xforce.ibmcloud.com/vulnerabilities/76179
https://issues.jboss.org/browse/JBPAPP-9197

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo