[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

Information disclosure vulnerability in Tomcat when using VirtualDirContext - CVE-2017-12616

ID: oval:org.secpod.oval:def:45289Date: (C)2018-04-19   (M)2024-02-19
Class: VULNERABILITYFamily: unix




When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Platform:
Ubuntu 16.04
Ubuntu 14.04
Ubuntu 17.10
Product:
tomcat7
libtomcat7-java
Reference:
CVE-2017-12616
CVE    1
CVE-2017-12616
CPE    5
cpe:/o:ubuntu:ubuntu_linux:16.04
cpe:/o:ubuntu:ubuntu_linux:14.04
cpe:/a:apache:tomcat7
cpe:/a:apache:libtomcat7-java
...

© SecPod Technologies