VirtualDirContext Security Bypass and JSP Source Code Exposure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80

VirtualDirContext Security Bypass and JSP Source Code Exposure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80

CVE-2017-12616 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Learn more about our Cis Benchmark Audit For Apache Http Server.