Lucene search

K
osvGoogleOSV:GHSA-8QQ4-8JVQ-MFW4
HistoryMay 14, 2022 - 1:10 a.m.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

2022-05-1401:10:16
Google
osv.dev
22
apache tomcat
virtualdircontext
security bypass
jsp source code
specially crafted request

EPSS

0.905

Percentile

98.9%

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

References