CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

Design/Logic Flaw

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVE-2017-12616

CVE-2017-12616 affects Apache Tomcat 7.0.0–7.0.80 with VirtualDirContext, enabling bypass of security constraints and viewing JSP source via a crafted request. Affected products/versions are documented in multiple advisories; remediation is to upgrade to a newer Tomcat 7.x release (e.g., Debian/R...

CVE-2017-12616

Removed by vendor...

CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

[ASA-201709-17] tomcat7: information disclosure

Arch Linux Security Advisory ASA-201709-17 ========================================== Severity: Medium Date : 2017-09-19 CVE-ID : CVE-2017-12616 Package : tomcat7 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-408 Summary ======= The package tomcat7 before...

CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

UBUNTU-CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

Apache Tomcat 7.0.0 < 7.0.81 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.81. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.81security-7 advisory. - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security...

Fixed in Apache Tomcat 7.0.81

Important: Information Disclosure CVE-2017-12616 When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. This was fixed in revision 1804729. This issue was...