CVE-2017-12616

Description

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

91.499

Associated Vulnerability

Vulnerability	OS Platform
Update Tomcat to 9.5.14	Windows
Update Tomcat to 9.5.5	Windows
Update Tomcat to 9.5.7	Windows
Update Tomcat to 9.5.8	Windows
Update Tomcat to 9.6.10	Windows
Update Tomcat to 9.6.3	Windows
Update Tomcat to 9.6.4	Windows
Update Tomcat to 9.6.7	Windows
Update Tomcat to 9.6.8	Windows
Update Tomcat to 2.4.5	Windows
Update Tomcat to 3.0.14	Windows
Vulnerabilities CVE-2017-12616 are fixed in Apache-tomcat-catalina 7.0.81	Windows
Servlet and JSP engine (USN-3665-1) tomcat7_7.0.52-1ubuntu0.14_all.deb	Linux
Servlet and JSP engine (USN-3665-1) tomcat8_8.0.32-1ubuntu1.6_all.deb	Linux
Servlet and JSP engine (USN-3665-1) tomcat8_8.5.21-1ubuntu1.1_all.deb	Linux
Servlet and JSP engine (USN-3665-1) libtomcat8-java_8.0.32-1ubuntu1.6_all.deb	Linux
Servlet and JSP engine (USN-3665-1) libtomcat8-java_8.5.21-1ubuntu1.1_all.deb	Linux
Update Tomcat to 9.5.14 (For Linux)	Linux
Update Tomcat to 9.5.5 (For Linux)	Linux
Update Tomcat to 9.5.7 (For Linux)	Linux
Update Tomcat to 9.5.8 (For Linux)	Linux
Update Tomcat to 9.6.10 (For Linux)	Linux
Update Tomcat to 9.6.3 (For Linux)	Linux
Update Tomcat to 9.6.4 (For Linux)	Linux
Update Tomcat to 9.6.7 (For Linux)	Linux
Update Tomcat to 9.6.8 (For Linux)	Linux
Update Tomcat to 2.4.5 (For Linux)	Linux
Update Tomcat to 3.0.14 (For Linux)	Linux
Vulnerabilities CVE-2017-12616 are fixed in Apache-tomcat-catalina for Linux 7.0.81	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234