ByteOS Network

Vulnerability Details :

CVE-2017-12616

Assigner-apache

Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09

Published At-19 Sep, 2017 | 13:00

Updated At-16 Sep, 2024 | 19:04

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:apache

Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09

Published At:19 Sep, 2017 | 13:00

Updated At:16 Sep, 2024 | 19:04

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

The Apache Software Foundation

Product

Apache Tomcat

Versions

Affected

7.0.0 to 7.0.80

Problem Types

Type	CWE ID	Description
text	N/A	Information Disclosure

Type: text

CWE ID: N/A

Description: Information Disclosure

References

Hyperlink	Resource
http://www.securitytracker.com/id/1039393	vdb-entry x_refsource_SECTRACK
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us	x_refsource_CONFIRM
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0465	vendor-advisory x_refsource_REDHAT
https://usn.ubuntu.com/3665-1/	vendor-advisory x_refsource_UBUNTU
http://www.securityfocus.com/bid/100897	vdb-entry x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0466	vendor-advisory x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20171018-0001/	x_refsource_CONFIRM
https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST

Hyperlink: http://www.securitytracker.com/id/1039393

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.synology.com/support/security/Synology_SA_17_54_Tomcat

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0465

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://usn.ubuntu.com/3665-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.securityfocus.com/bid/100897

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0466

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://security.netapp.com/advisory/ntap-20171018-0001/

Resource:

x_refsource_CONFIRM

Hyperlink: https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securitytracker.com/id/1039393	vdb-entry x_refsource_SECTRACK x_transferred
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us	x_refsource_CONFIRM x_transferred
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2018:0465	vendor-advisory x_refsource_REDHAT x_transferred
https://usn.ubuntu.com/3665-1/	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securityfocus.com/bid/100897	vdb-entry x_refsource_BID x_transferred
https://access.redhat.com/errata/RHSA-2018:0466	vendor-advisory x_refsource_REDHAT x_transferred
https://security.netapp.com/advisory/ntap-20171018-0001/	x_refsource_CONFIRM x_transferred
https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred

Hyperlink: http://www.securitytracker.com/id/1039393

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.synology.com/support/security/Synology_SA_17_54_Tomcat

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0465

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://usn.ubuntu.com/3665-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.securityfocus.com/bid/100897

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2018:0466

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://security.netapp.com/advisory/ntap-20171018-0001/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@apache.org

Published At:19 Sep, 2017 | 13:29

Updated At:20 Apr, 2025 | 01:37

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

The Apache Software Foundation

>>tomcat>>7.0.0

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.0

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.1

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.2

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.2

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.3

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.4

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.4

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.5

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.5

cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.6

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.7

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.8

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.9

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.10

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.11

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.12

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.13

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.14

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.15

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.16

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.17

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.18

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.19

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.20

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.21

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.22

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.23

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.24

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.25

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.26

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.27

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.28

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.29

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.30

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.31

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.32

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.33

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.34

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.35

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.36

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.37

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.38

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.39

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.40

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.41

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.42

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.43

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.44

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

The Apache Software Foundation

>>tomcat>>7.0.45

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/100897	security@apache.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039393	security@apache.org	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0465	security@apache.org	N/A
https://access.redhat.com/errata/RHSA-2018:0466	security@apache.org	N/A
https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E	security@apache.org	N/A
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	security@apache.org	N/A
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	security@apache.org	N/A
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	security@apache.org	N/A
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	security@apache.org	N/A
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	security@apache.org	N/A
https://security.netapp.com/advisory/ntap-20171018-0001/	security@apache.org	N/A
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us	security@apache.org	N/A
https://usn.ubuntu.com/3665-1/	security@apache.org	N/A
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	security@apache.org	N/A
http://www.securityfocus.com/bid/100897	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039393	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0465	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/errata/RHSA-2018:0466	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.netapp.com/advisory/ntap-20171018-0001/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us	af854a3a-2127-422b-91ae-364da2661108	N/A
https://usn.ubuntu.com/3665-1/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	af854a3a-2127-422b-91ae-364da2661108	N/A