Date: Tue, 19 Sep 2017 14:07:07 +0100 From: Mark Thomas <markt@...che.org> To: oss-security@...ts.openwall.com Subject: [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure CVE-2017-12616 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 7.0.0 to 7.0.80 Description: When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 7.0.81 Credit: This issue was identified by the Tomcat Security Team while investigating CVE-2017-12615. History: 2017-09-19 Original advisory References:  http://tomcat.apache.org/security-7.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.