Date: Tue, 19 Sep 2017 14:07:07 +0100 From: Mark Thomas <markt@...che.org> To: oss-security@...ts.openwall.com Subject: [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure CVE-2017-12616 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 7.0.0 to 7.0.80 Description: When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 7.0.81 Credit: This issue was identified by the Tomcat Security Team while investigating CVE-2017-12615. History: 2017-09-19 Original advisory References:  http://tomcat.apache.org/security-7.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ