CVE-2013-3827

Name of the Vulnerable Software and Affected Versions Oracle GlassFish Server versions 2.1.1 through 3.1.2 Oracle JDeveloper versions 11.1.2.3.0 through 12.1.2.0.0 Oracle WebLogic Server versions 10.3.6.0 through 12.1.1

Description The issue affects confidentiality and is related to Java Server Faces or Web Container. Multiple path traversal flaws were found in the Mojarra JSF2 implementation, allowing an unauthenticated remote attacker to gather undisclosed information from within an application's root.

Recommendations For Oracle GlassFish Server versions 2.1.1 through 3.1.2, update to a version that includes the fix for this issue. For Oracle JDeveloper versions 11.1.2.3.0 through 12.1.2.0.0, update to a version that includes the fix for this issue. For Oracle WebLogic Server versions 10.3.6.0 through 12.1.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Java Server Faces or Web Container components until a patch is available.