CVE-2017-12616
tomcat: Information Disclosure when using VirtualDirContext
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Cuando se empleó un VirtualDirContext con Apache Tomcat en sus versiones 7.0.0 a 7.0.80 fue posible omitir las restricciones de seguridad o ver el código fuente de los archivos JSP para los recursos servidos por VirtualDirContext usando una petición especialmente manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-07 CVE Reserved
- 2017-09-19 CVE Published
- 2024-08-13 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (16)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0465 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2018:0466 | 2023-11-07 | |
| https://usn.ubuntu.com/3665-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2017-12616 | 2018-03-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1493222 | 2018-03-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.1 Search vendor "Apache" for product "Tomcat" and version "7.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.3 Search vendor "Apache" for product "Tomcat" and version "7.0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.5 Search vendor "Apache" for product "Tomcat" and version "7.0.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.5 Search vendor "Apache" for product "Tomcat" and version "7.0.5" | beta |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.6 Search vendor "Apache" for product "Tomcat" and version "7.0.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.7 Search vendor "Apache" for product "Tomcat" and version "7.0.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.8 Search vendor "Apache" for product "Tomcat" and version "7.0.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.9 Search vendor "Apache" for product "Tomcat" and version "7.0.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.10 Search vendor "Apache" for product "Tomcat" and version "7.0.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.11 Search vendor "Apache" for product "Tomcat" and version "7.0.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.12 Search vendor "Apache" for product "Tomcat" and version "7.0.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.13 Search vendor "Apache" for product "Tomcat" and version "7.0.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.14 Search vendor "Apache" for product "Tomcat" and version "7.0.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.15 Search vendor "Apache" for product "Tomcat" and version "7.0.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.16 Search vendor "Apache" for product "Tomcat" and version "7.0.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.17 Search vendor "Apache" for product "Tomcat" and version "7.0.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.18 Search vendor "Apache" for product "Tomcat" and version "7.0.18" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.19 Search vendor "Apache" for product "Tomcat" and version "7.0.19" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.20 Search vendor "Apache" for product "Tomcat" and version "7.0.20" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.21 Search vendor "Apache" for product "Tomcat" and version "7.0.21" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.22 Search vendor "Apache" for product "Tomcat" and version "7.0.22" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.23 Search vendor "Apache" for product "Tomcat" and version "7.0.23" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.24 Search vendor "Apache" for product "Tomcat" and version "7.0.24" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.25 Search vendor "Apache" for product "Tomcat" and version "7.0.25" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.26 Search vendor "Apache" for product "Tomcat" and version "7.0.26" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.27 Search vendor "Apache" for product "Tomcat" and version "7.0.27" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.28 Search vendor "Apache" for product "Tomcat" and version "7.0.28" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.29 Search vendor "Apache" for product "Tomcat" and version "7.0.29" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.30 Search vendor "Apache" for product "Tomcat" and version "7.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.31 Search vendor "Apache" for product "Tomcat" and version "7.0.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.32 Search vendor "Apache" for product "Tomcat" and version "7.0.32" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.33 Search vendor "Apache" for product "Tomcat" and version "7.0.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.34 Search vendor "Apache" for product "Tomcat" and version "7.0.34" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.35 Search vendor "Apache" for product "Tomcat" and version "7.0.35" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.36 Search vendor "Apache" for product "Tomcat" and version "7.0.36" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.37 Search vendor "Apache" for product "Tomcat" and version "7.0.37" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.38 Search vendor "Apache" for product "Tomcat" and version "7.0.38" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.39 Search vendor "Apache" for product "Tomcat" and version "7.0.39" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.40 Search vendor "Apache" for product "Tomcat" and version "7.0.40" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.41 Search vendor "Apache" for product "Tomcat" and version "7.0.41" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.42 Search vendor "Apache" for product "Tomcat" and version "7.0.42" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.43 Search vendor "Apache" for product "Tomcat" and version "7.0.43" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.44 Search vendor "Apache" for product "Tomcat" and version "7.0.44" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.45 Search vendor "Apache" for product "Tomcat" and version "7.0.45" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.46 Search vendor "Apache" for product "Tomcat" and version "7.0.46" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.47 Search vendor "Apache" for product "Tomcat" and version "7.0.47" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.48 Search vendor "Apache" for product "Tomcat" and version "7.0.48" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.49 Search vendor "Apache" for product "Tomcat" and version "7.0.49" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.50 Search vendor "Apache" for product "Tomcat" and version "7.0.50" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.51 Search vendor "Apache" for product "Tomcat" and version "7.0.51" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.54 Search vendor "Apache" for product "Tomcat" and version "7.0.54" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.55 Search vendor "Apache" for product "Tomcat" and version "7.0.55" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.56 Search vendor "Apache" for product "Tomcat" and version "7.0.56" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.57 Search vendor "Apache" for product "Tomcat" and version "7.0.57" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.58 Search vendor "Apache" for product "Tomcat" and version "7.0.58" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.59 Search vendor "Apache" for product "Tomcat" and version "7.0.59" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.60 Search vendor "Apache" for product "Tomcat" and version "7.0.60" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.61 Search vendor "Apache" for product "Tomcat" and version "7.0.61" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.62 Search vendor "Apache" for product "Tomcat" and version "7.0.62" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.63 Search vendor "Apache" for product "Tomcat" and version "7.0.63" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.64 Search vendor "Apache" for product "Tomcat" and version "7.0.64" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.65 Search vendor "Apache" for product "Tomcat" and version "7.0.65" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.66 Search vendor "Apache" for product "Tomcat" and version "7.0.66" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.67 Search vendor "Apache" for product "Tomcat" and version "7.0.67" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.68 Search vendor "Apache" for product "Tomcat" and version "7.0.68" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.69 Search vendor "Apache" for product "Tomcat" and version "7.0.69" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.70 Search vendor "Apache" for product "Tomcat" and version "7.0.70" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.71 Search vendor "Apache" for product "Tomcat" and version "7.0.71" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.72 Search vendor "Apache" for product "Tomcat" and version "7.0.72" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.73 Search vendor "Apache" for product "Tomcat" and version "7.0.73" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.74 Search vendor "Apache" for product "Tomcat" and version "7.0.74" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.75 Search vendor "Apache" for product "Tomcat" and version "7.0.75" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.76 Search vendor "Apache" for product "Tomcat" and version "7.0.76" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.77 Search vendor "Apache" for product "Tomcat" and version "7.0.77" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.79 Search vendor "Apache" for product "Tomcat" and version "7.0.79" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.80 Search vendor "Apache" for product "Tomcat" and version "7.0.80" | - |
Affected
| ||||||