When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2017-09-19T13:00:00Z
Updated: 2024-09-16T19:04:33.141Z
Reserved: 2017-08-07T00:00:00
Link: CVE-2017-12616
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-19T13:29:00.487
Modified: 2024-11-21T03:09:54.137
Link: CVE-2017-12616
Redhat