Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

References

• https://nvd.nist.gov/vuln/detail/CVE-2014-8122
• weld/core@29fd110
• weld/core@6808b11
• weld/core@8e41320
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100892
• https://github.com/victims/victims-cve-db/blob/master/database/java/2014/8122.yaml
• http://rhn.redhat.com/errata/RHSA-2015-0215.html
• http://rhn.redhat.com/errata/RHSA-2015-0216.html
• http://rhn.redhat.com/errata/RHSA-2015-0217.html
• http://rhn.redhat.com/errata/RHSA-2015-0218.html
• http://rhn.redhat.com/errata/RHSA-2015-0675.html
• http://rhn.redhat.com/errata/RHSA-2015-0773.html
• http://rhn.redhat.com/errata/RHSA-2015-0850.html
• http://rhn.redhat.com/errata/RHSA-2015-0851.html
• http://rhn.redhat.com/errata/RHSA-2015-0920.html
• http://www.securityfocus.com/bid/74252
• http://www.securitytracker.com/id/1031741