Launchpad.net

CVE 2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Related bugs and status

CVE-2017-12616 (Candidate) is related to these bugs:

Bug #1721749: Security Fix - CVE-2017-12617

		In	Importance	Status
1721749	Security Fix - CVE-2017-12617	tomcat8 (Ubuntu)	Undecided	Fix Released
1721749	Security Fix - CVE-2017-12617	tomcat8 (Ubuntu Artful)	Undecided	Fix Released
1721749	Security Fix - CVE-2017-12617	tomcat8 (Ubuntu Bionic)	Undecided	Fix Released
1721749	Security Fix - CVE-2017-12617	tomcat8 (Ubuntu Xenial)	Undecided	Fix Released
1721749	Security Fix - CVE-2017-12617	tomcat7 (Ubuntu Artful)	Undecided	Won't Fix
1721749	Security Fix - CVE-2017-12617	tomcat7 (Ubuntu Bionic)	Undecided	New
1721749	Security Fix - CVE-2017-12617	tomcat7 (Ubuntu Trusty)	Undecided	Fix Released
1721749	Security Fix - CVE-2017-12617	tomcat7 (Ubuntu Xenial)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-12616

Related bugs and status

Related bugs

References