Date: Tue, 19 Sep 2017 14:07:07 +0100
From: Mark Thomas
Subject: [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure

CVE-2017-12616 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 7.0.0 to 7.0.80

When using a VirtualDirContext it was possible to bypass security
constraints and/or view the source code of JSPs for resources served by
the VirtualDirContext using a specially crafted request.

Users of the affected versions should apply one of the following:
- Upgrade to Apache Tomcat 7.0.81

This issue was identified by the Tomcat Security Team while
investigating CVE-2017-12615.

2017-09-19 Original advisory
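
An exposure check for the condition the advisory describes (an affected 7.0.x version combined with a VirtualDirContext), added here as an example and not part of the original advisory. The class name `org.apache.naming.resources.VirtualDirContext` and the `<Resources className=...>` form are assumed from Tomcat 7's context configuration; the sample descriptors and paths are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as stated in the advisory: 7.0.0 to 7.0.80 (fixed in 7.0.81).
AFFECTED_MIN = (7, 0, 0)
AFFECTED_MAX = (7, 0, 80)
# Assumption: fully qualified class name used in Tomcat 7 context descriptors.
VDC_CLASS = "org.apache.naming.resources.VirtualDirContext"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Server version: Apache Tomcat/7.0.79'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected_version(text):
    """True if the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def uses_virtual_dir_context(context_xml):
    """True if any <Resources> element in the descriptor selects VirtualDirContext."""
    root = ET.fromstring(context_xml)
    return any(el.get("className") == VDC_CLASS for el in root.iter("Resources"))


def exposed(version_text, context_xml):
    """Both conditions from the advisory must hold for the instance to be exposed."""
    return is_affected_version(version_text) and uses_virtual_dir_context(context_xml)


# Constructed sample descriptors (not taken from any real deployment).
SAMPLE_WITH_VDC = """<Context>
  <Resources className="org.apache.naming.resources.VirtualDirContext"
             extraResourcePaths="/=/srv/app/src/main/webapp" />
</Context>"""
SAMPLE_DEFAULT = "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"

if __name__ == "__main__":
    for ver in ("Apache Tomcat/7.0.79", "Apache Tomcat/7.0.81"):
        for name, xml in (("VDC", SAMPLE_WITH_VDC), ("default", SAMPLE_DEFAULT)):
            print(ver, name, "EXPOSED" if exposed(ver, xml) else "ok")
```

Run it against the output of `version.sh` and each context descriptor (`conf/context.xml`, `conf/Catalina/<host>/*.xml`, `META-INF/context.xml` inside deployed applications).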

