CVE-2017-12616

Published: Sep 19, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Vendor	Product	Versions
Apache Software Foundation	Apache Tomcat	affected `7.0.0 to 7.0.80`

References

1039393

vdb-entry

x_refsource_SECTRACK

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

x_refsource_CONFIRM

https://www.synology.com/support/security/Synology_SA_17_54_Tomcat

x_refsource_CONFIRM

RHSA-2018:0465

vendor-advisory

x_refsource_REDHAT

USN-3665-1

vendor-advisory

x_refsource_UBUNTU

100897

vdb-entry

x_refsource_BID

RHSA-2018:0466

vendor-advisory

x_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20171018-0001/

x_refsource_CONFIRM

[announce] 20170919 [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-12616

Description

Affected Products

References