CVE-2017-12616

Affected configuration(s):

cpe:/a:apache:tomcat:7.0.0
cpe:/a:apache:tomcat:7.0.0:beta
cpe:/a:apache:tomcat:7.0.1
cpe:/a:apache:tomcat:7.0.2
cpe:/a:apache:tomcat:7.0.2:beta
cpe:/a:apache:tomcat:7.0.3
cpe:/a:apache:tomcat:7.0.4
cpe:/a:apache:tomcat:7.0.4:beta
cpe:/a:apache:tomcat:7.0.5
cpe:/a:apache:tomcat:7.0.5:beta
cpe:/a:apache:tomcat:7.0.6
cpe:/a:apache:tomcat:7.0.7
cpe:/a:apache:tomcat:7.0.8
cpe:/a:apache:tomcat:7.0.9
cpe:/a:apache:tomcat:7.0.10
cpe:/a:apache:tomcat:7.0.11
cpe:/a:apache:tomcat:7.0.12
cpe:/a:apache:tomcat:7.0.13
cpe:/a:apache:tomcat:7.0.14
cpe:/a:apache:tomcat:7.0.15
cpe:/a:apache:tomcat:7.0.16
cpe:/a:apache:tomcat:7.0.17
cpe:/a:apache:tomcat:7.0.18
cpe:/a:apache:tomcat:7.0.19
cpe:/a:apache:tomcat:7.0.20
cpe:/a:apache:tomcat:7.0.21
cpe:/a:apache:tomcat:7.0.22
cpe:/a:apache:tomcat:7.0.23
cpe:/a:apache:tomcat:7.0.24
cpe:/a:apache:tomcat:7.0.25
cpe:/a:apache:tomcat:7.0.26
cpe:/a:apache:tomcat:7.0.27
cpe:/a:apache:tomcat:7.0.28
cpe:/a:apache:tomcat:7.0.29
cpe:/a:apache:tomcat:7.0.30
cpe:/a:apache:tomcat:7.0.31
cpe:/a:apache:tomcat:7.0.32
cpe:/a:apache:tomcat:7.0.33
cpe:/a:apache:tomcat:7.0.34
cpe:/a:apache:tomcat:7.0.35
cpe:/a:apache:tomcat:7.0.36
cpe:/a:apache:tomcat:7.0.37
cpe:/a:apache:tomcat:7.0.38
cpe:/a:apache:tomcat:7.0.39
cpe:/a:apache:tomcat:7.0.40
cpe:/a:apache:tomcat:7.0.41
cpe:/a:apache:tomcat:7.0.42
cpe:/a:apache:tomcat:7.0.43
cpe:/a:apache:tomcat:7.0.44
cpe:/a:apache:tomcat:7.0.45
cpe:/a:apache:tomcat:7.0.46
cpe:/a:apache:tomcat:7.0.47
cpe:/a:apache:tomcat:7.0.48
cpe:/a:apache:tomcat:7.0.49
cpe:/a:apache:tomcat:7.0.50
cpe:/a:apache:tomcat:7.0.51
cpe:/a:apache:tomcat:7.0.54
cpe:/a:apache:tomcat:7.0.55
cpe:/a:apache:tomcat:7.0.56
cpe:/a:apache:tomcat:7.0.57
cpe:/a:apache:tomcat:7.0.58
cpe:/a:apache:tomcat:7.0.59
cpe:/a:apache:tomcat:7.0.60
cpe:/a:apache:tomcat:7.0.61
cpe:/a:apache:tomcat:7.0.62
cpe:/a:apache:tomcat:7.0.63
cpe:/a:apache:tomcat:7.0.64
cpe:/a:apache:tomcat:7.0.65
cpe:/a:apache:tomcat:7.0.66
cpe:/a:apache:tomcat:7.0.67
cpe:/a:apache:tomcat:7.0.68
cpe:/a:apache:tomcat:7.0.69
cpe:/a:apache:tomcat:7.0.70
cpe:/a:apache:tomcat:7.0.71
cpe:/a:apache:tomcat:7.0.72
cpe:/a:apache:tomcat:7.0.73
cpe:/a:apache:tomcat:7.0.74
cpe:/a:apache:tomcat:7.0.75
cpe:/a:apache:tomcat:7.0.76
cpe:/a:apache:tomcat:7.0.77
cpe:/a:apache:tomcat:7.0.79
cpe:/a:apache:tomcat:7.0.80

Date published: 2017-09-19T09:29:00.487-04:00

Date last modified: 2017-11-09T21:29:17.090-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/100897

Summary: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
