CVE-2017-12616

Priority
Medium
Description
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was
possible to bypass security constraints and/or view the source code of JSPs
for resources served by the VirtualDirContext using a specially crafted
request.
Notes
 mdeslaur> this commit is included in commit list for CVE-2017-12617
Package
Upstream:released (7.0.82)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (7.0.52-1ubuntu0.14)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.10 (Artful Aardvark):ignored (reached end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Patches:
Upstream:https://svn.apache.org/r1804729
Package
Upstream:released (8.0.47,8.5.23)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (8.5.30-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (8.5.30-1ubuntu2)
Updated: 2018-07-20 15:19:35 UTC (commit a528766076160b2c60cf56892e2070e2c83615a3)