CVE-2017-12616

Priority
Medium
Description
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was
possible to bypass security constraints and/or view the source code of JSPs
for resources served by the VirtualDirContext using a specially crafted
request.
References
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
More Information

Updated: 2018-04-28 06:24:45 UTC (commit 14638)