Description

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Remediation

References

CVE-2017-12616

Related Vulnerabilities

WebLogic Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21350)

WordPress Plugin WP-FaceThumb 'pagination_wp_facethumb' Parameter Cross-Site Scripting (0.1)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.23)

WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5)

WordPress Plugin Block wp-login Cross-Site Request Forgery (1.3.0)

Severity

High

Classification

CVE-2017-12616 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities