7.5
CVSSv3

CVE-2017-12616

Published: 19/09/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.2

apache tomcat 7.0.49

apache tomcat 7.0.12

apache tomcat 7.0.62

apache tomcat 7.0.20

apache tomcat 7.0.34

apache tomcat 7.0.58

apache tomcat 7.0.8

apache tomcat 7.0.55

apache tomcat 7.0.1

apache tomcat 7.0.5

apache tomcat 7.0.51

apache tomcat 7.0.4

apache tomcat 7.0.63

apache tomcat 7.0.22

apache tomcat 7.0.39

apache tomcat 7.0.26

apache tomcat 7.0.46

apache tomcat 7.0.72

apache tomcat 7.0.76

apache tomcat 7.0.71

apache tomcat 7.0.28

apache tomcat 7.0.59

apache tomcat 7.0.65

apache tomcat 7.0.0

apache tomcat 7.0.50

apache tomcat 7.0.6

apache tomcat 7.0.18

apache tomcat 7.0.14

apache tomcat 7.0.48

apache tomcat 7.0.11

apache tomcat 7.0.67

apache tomcat 7.0.74

apache tomcat 7.0.23

apache tomcat 7.0.66

apache tomcat 7.0.44

apache tomcat 7.0.69

apache tomcat 7.0.80

apache tomcat 7.0.7

apache tomcat 7.0.42

apache tomcat 7.0.60

apache tomcat 7.0.37

apache tomcat 7.0.29

apache tomcat 7.0.45

apache tomcat 7.0.68

apache tomcat 7.0.13

apache tomcat 7.0.47

apache tomcat 7.0.41

apache tomcat 7.0.31

apache tomcat 7.0.30

apache tomcat 7.0.15

apache tomcat 7.0.19

apache tomcat 7.0.75

apache tomcat 7.0.16

apache tomcat 7.0.10

apache tomcat 7.0.36

apache tomcat 7.0.25

apache tomcat 7.0.54

apache tomcat 7.0.35

apache tomcat 7.0.61

apache tomcat 7.0.79

apache tomcat 7.0.57

apache tomcat 7.0.43

apache tomcat 7.0.32

apache tomcat 7.0.38

apache tomcat 7.0.21

apache tomcat 7.0.27

apache tomcat 7.0.24

apache tomcat 7.0.17

apache tomcat 7.0.40

apache tomcat 7.0.9

apache tomcat 7.0.3

apache tomcat 7.0.77

apache tomcat 7.0.56

apache tomcat 7.0.64

apache tomcat 7.0.70

apache tomcat 7.0.33

apache tomcat 7.0.73

Vendor Advisories

Debian Bug report logs - #898935 tomcat8: CVE-2018-8014: The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccors ...
Several security issues were fixed in Tomcat ...
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 2 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 2 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
It has been discovered that tomcat version 7080 and before are vulnerable to information disclosure When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request ...

Github Repositories

Tomcat PUT方法任意文件写入(CVE-2017-12615)exp

Tomcat_PUT_EXP_V14 Tomcat PUT方法任意文件写入(CVE-2017-12615)图形化漏洞利用工具 漏洞介绍 2017年9月19日,Apache Tomcat官方确认并修复了两个高危漏洞,漏洞CVE编号:CVE-2017-12615和CVE-2017-12616,其中 远程代码执行漏洞(CVE-2017-12615) 影响: Apache Tomcat 700 - 7079(7081修复不完全) 当 Tomcat 运行

Tomcat PUT方法任意文件写入(CVE-2017-12615)exp

Tomcat_PUT_EXP_V14 Tomcat PUT方法任意文件写入(CVE-2017-12615)图形化漏洞利用工具 漏洞介绍 2017年9月19日,Apache Tomcat官方确认并修复了两个高危漏洞,漏洞CVE编号:CVE-2017-12615和CVE-2017-12616,其中 远程代码执行漏洞(CVE-2017-12615) 影响: Apache Tomcat 700 - 7079(7081修复不完全) 当 Tomcat 运行