cbcvebase.
CVE-2017-12616
published 2017-09-19

CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for…

PriorityP267high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
70.80%
99.3th percentile
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Affected

79 ranges· showing 25
VendorProductVersion rangeFixed in
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat
apachetomcat

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is exploitable only when VirtualDirContext is configured in Apache Tomcat 7.0.0 through 7.0.80; detect by inspecting Tomcat context configuration for VirtualDirContext usage
  • Monitor for specially crafted HTTP requests targeting JSP resources that may reveal JSP source code or bypass security constraints when VirtualDirContext is in use
  • Upstream fix is available at SVN revision 1804729; use this to diff and understand the exact request-handling flaw for building detection signatures
  • ·VirtualDirContext is not intended for production use; exploitation is only possible if it has been explicitly configured, limiting the real-world attack surface
  • ·Affected version range is strictly Apache Tomcat 7.0.0 to 7.0.80; Tomcat 5 and 6 are listed as not affected or out of scope by Red Hat

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.