Lucene search

K
cvelistApacheCVELIST:CVE-2017-12616
HistorySep 19, 2017 - 12:00 a.m.

CVE-2017-12616

2017-09-1900:00:00
apache
www.cve.org
6

AI Score

5.9

Confidence

High

EPSS

0.908

Percentile

98.9%

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

CNA Affected

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.80"
      }
    ]
  }
]

References