When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-09-19T13:00:00Z

Updated: 2024-09-16T19:04:33.141Z

Reserved: 2017-08-07T00:00:00

Link: CVE-2017-12616

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-19T13:29:00.487

Modified: 2024-11-21T03:09:54.137

Link: CVE-2017-12616

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-09-19T00:00:00Z

Links: CVE-2017-12616 - Bugzilla