CVE-2017-12616
- Source
- https://cve.org/CVERecord?id=CVE-2017-12616
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12616.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-12616
- Aliases
- Downstream
- Related
- Published
- 2017-09-19T13:29:00.487Z
- Modified
- 2026-04-02T00:00:33.385829Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
- References
-
- https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
- https://usn.ubuntu.com/3665-1/
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
- https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
- http://www.securitytracker.com/id/1039393
- https://access.redhat.com/errata/RHSA-2018:0466
- http://www.securityfocus.com/bid/100897
- https://access.redhat.com/errata/RHSA-2018:0465
- https://security.netapp.com/advisory/ntap-20171018-0001/
Affected packages
Git / github.com/apache/tomcat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.0.0" }, { "introduced": "0" }, { "last_affected": "7.0.1" }, { "introduced": "0" }, { "last_affected": "7.0.2" }, { "introduced": "0" }, { "last_affected": "7.0.3" }, { "introduced": "0" }, { "last_affected": "7.0.4" }, { "introduced": "0" }, { "last_affected": "7.0.5" }, { "introduced": "0" }, { "last_affected": "7.0.6" }, { "introduced": "0" }, { "last_affected": "7.0.7" }, { "introduced": "0" }, { "last_affected": "7.0.8" }, { "introduced": "0" }, { "last_affected": "7.0.9" }, { "introduced": "0" }, { "last_affected": "7.0.10" }, { "introduced": "0" }, { "last_affected": "7.0.11" }, { "introduced": "0" }, { "last_affected": "7.0.12" }, { "introduced": "0" }, { "last_affected": "7.0.13" }, { "introduced": "0" }, { "last_affected": "7.0.14" }, { "introduced": "0" }, { "last_affected": "7.0.15" }, { "introduced": "0" }, { "last_affected": "7.0.16" }, { "introduced": "0" }, { "last_affected": "7.0.17" }, { "introduced": "0" }, { "last_affected": "7.0.18" }, { "introduced": "0" }, { "last_affected": "7.0.19" }, { "introduced": "0" }, { "last_affected": "7.0.20" }, { "introduced": "0" }, { "last_affected": "7.0.21" }, { "introduced": "0" }, { "last_affected": "7.0.22" }, { "introduced": "0" }, { "last_affected": "7.0.23" }, { "introduced": "0" }, { "last_affected": "7.0.24" }, { "introduced": "0" }, { "last_affected": "7.0.25" }, { "introduced": "0" }, { "last_affected": "7.0.26" }, { "introduced": "0" }, { "last_affected": "7.0.27" }, { "introduced": "0" }, { "last_affected": "7.0.28" }, { "introduced": "0" }, { "last_affected": "7.0.29" }, { "introduced": "0" }, { "last_affected": "7.0.30" }, { "introduced": "0" }, { "last_affected": "7.0.31" }, { "introduced": "0" }, { "last_affected": "7.0.32" }, { "introduced": "0" }, { "last_affected": "7.0.33" }, { "introduced": "0" }, { "last_affected": "7.0.34" }, { "introduced": "0" }, { "last_affected": "7.0.35" }, { "introduced": "0" }, { "last_affected": "7.0.36" }, { "introduced": "0" }, { "last_affected": "7.0.37" }, { "introduced": "0" }, { "last_affected": "7.0.38" }, { "introduced": "0" }, { "last_affected": "7.0.39" }, { "introduced": "0" }, { "last_affected": "7.0.40" }, { "introduced": "0" }, { "last_affected": "7.0.41" }, { "introduced": "0" }, { "last_affected": "7.0.42" }, { "introduced": "0" }, { "last_affected": "7.0.43" }, { "introduced": "0" }, { "last_affected": "7.0.44" }, { "introduced": "0" }, { "last_affected": "7.0.45" }, { "introduced": "0" }, { "last_affected": "7.0.46" }, { "introduced": "0" }, { "last_affected": "7.0.47" }, { "introduced": "0" }, { "last_affected": "7.0.48" }, { "introduced": "0" }, { "last_affected": "7.0.49" }, { "introduced": "0" }, { "last_affected": "7.0.50" }, { "introduced": "0" }, { "last_affected": "7.0.51" }, { "introduced": "0" }, { "last_affected": "7.0.54" }, { "introduced": "0" }, { "last_affected": "7.0.55" }, { "introduced": "0" }, { "last_affected": "7.0.56" }, { "introduced": "0" }, { "last_affected": "7.0.57" }, { "introduced": "0" }, { "last_affected": "7.0.58" }, { "introduced": "0" }, { "last_affected": "7.0.59" }, { "introduced": "0" }, { "last_affected": "7.0.60" }, { "introduced": "0" }, { "last_affected": "7.0.61" }, { "introduced": "0" }, { "last_affected": "7.0.62" }, { "introduced": "0" }, { "last_affected": "7.0.63" }, { "introduced": "0" }, { "last_affected": "7.0.64" }, { "introduced": "0" }, { "last_affected": "7.0.65" }, { "introduced": "0" }, { "last_affected": "7.0.66" }, { "introduced": "0" }, { "last_affected": "7.0.67" }, { "introduced": "0" }, { "last_affected": "7.0.68" }, { "introduced": "0" }, { "last_affected": "7.0.69" }, { "introduced": "0" }, { "last_affected": "7.0.70" }, { "introduced": "0" }, { "last_affected": "7.0.71" }, { "introduced": "0" }, { "last_affected": "7.0.72" }, { "introduced": "0" }, { "last_affected": "7.0.73" }, { "introduced": "0" }, { "last_affected": "7.0.74" }, { "introduced": "0" }, { "last_affected": "7.0.75" }, { "introduced": "0" }, { "last_affected": "7.0.76" }, { "introduced": "0" }, { "last_affected": "7.0.77" }, { "introduced": "0" }, { "last_affected": "7.0.79" }, { "introduced": "0" }, { "last_affected": "7.0.80" } ] }
Affected versions
10.*
10.0.0
10.0.0-M1
10.0.0-M10
10.0.0-M2
10.0.0-M3
10.0.0-M4
10.0.0-M5
10.0.0-M6
10.0.0-M7
10.0.0-M8
10.0.0-M9
10.0.0.0-M1
10.0.1
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.17
10.0.18
10.0.19
10.0.2
10.0.20
10.0.21
10.0.22
10.0.23
10.0.24
10.0.25
10.0.26
10.0.27
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.0-M1
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M13
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0-M18
10.1.0-M19
10.1.0-M2
10.1.0-M20
10.1.0-M3
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M9
10.1.1
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14
10.1.15
10.1.16
10.1.17
10.1.18
10.1.19
10.1.2
10.1.20
10.1.22
10.1.23
10.1.24
10.1.25
10.1.26
10.1.27
10.1.28
10.1.29
10.1.3
10.1.30
10.1.31
10.1.32
10.1.33
10.1.34
10.1.35
10.1.36
10.1.37
10.1.38
10.1.39
10.1.4
10.1.40
10.1.41
10.1.42
10.1.43
10.1.44
10.1.45
10.1.46
10.1.47
10.1.48
10.1.49
10.1.5
10.1.50
10.1.51
10.1.52
10.1.6
10.1.7
10.1.8
10.1.9
11.*
11.0.0
11.0.0-M1
11.0.0-M10
11.0.0-M11
11.0.0-M12
11.0.0-M13
11.0.0-M14
11.0.0-M15
11.0.0-M16
11.0.0-M17
11.0.0-M18
11.0.0-M19
11.0.0-M2
11.0.0-M20
11.0.0-M21
11.0.0-M22
11.0.0-M23
11.0.0-M24
11.0.0-M25
11.0.0-M26
11.0.0-M3
11.0.0-M4
11.0.0-M5
11.0.0-M6
11.0.0-M7
11.0.0-M8
11.0.0-M9
11.0.1
11.0.10
11.0.11
11.0.12
11.0.13
11.0.14
11.0.15
11.0.16
11.0.17
11.0.18
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
11.0.8
11.0.9
7.*
7.0.0
7.0.0-RC1
7.0.0-RC2
7.0.0-RC3
7.0.0-RC4
7.0.1
7.0.10
7.0.100
7.0.101
7.0.102
7.0.103
7.0.104
7.0.105
7.0.106
7.0.107
7.0.108
7.0.109
7.0.11
7.0.12
7.0.13
7.0.14
7.0.15
7.0.16
7.0.17
7.0.18
7.0.19
7.0.2
7.0.20
7.0.21
7.0.22
7.0.23
7.0.24
7.0.25
7.0.26
7.0.27
7.0.28
7.0.29
7.0.3
7.0.30
7.0.31
7.0.32
7.0.33
7.0.34
7.0.35
7.0.36
7.0.37
7.0.38
7.0.39
7.0.4
7.0.40
7.0.41
7.0.42
7.0.43
7.0.44
7.0.45
7.0.46
7.0.47
7.0.48
7.0.49
7.0.5
7.0.50
7.0.51
7.0.52
7.0.53
7.0.54
7.0.55
7.0.56
7.0.57
7.0.58
7.0.59
7.0.6
7.0.60
7.0.61
7.0.62
7.0.63
7.0.64
7.0.65
7.0.66
7.0.67
7.0.68
7.0.69
7.0.7
7.0.70
7.0.71
7.0.72
7.0.73
7.0.74
7.0.75
7.0.76
7.0.77
7.0.78
7.0.79
7.0.8
7.0.80
7.0.81
7.0.82
7.0.83
7.0.84
7.0.85
7.0.86
7.0.87
7.0.88
7.0.89
7.0.9
7.0.90
7.0.91
7.0.92
7.0.93
7.0.94
7.0.95
7.0.96
7.0.97
7.0.98
7.0.99
8.*
8.5.0
8.5.1
8.5.10
8.5.100
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
8.5.19
8.5.2
8.5.20
8.5.21
8.5.22
8.5.23
8.5.24
8.5.25
8.5.26
8.5.27
8.5.28
8.5.29
8.5.3
8.5.30
8.5.31
8.5.32
8.5.33
8.5.34
8.5.35
8.5.36
8.5.37
8.5.38
8.5.39
8.5.4
8.5.40
8.5.41
8.5.42
8.5.43
8.5.44
8.5.45
8.5.46
8.5.47
8.5.48
8.5.49
8.5.5
8.5.50
8.5.51
8.5.52
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.6
8.5.60
8.5.61
8.5.62
8.5.63
8.5.64
8.5.65
8.5.66
8.5.67
8.5.68
8.5.69
8.5.7
8.5.70
8.5.71
8.5.72
8.5.73
8.5.74
8.5.75
8.5.76
8.5.77
8.5.78
8.5.79
8.5.8
8.5.80
8.5.81
8.5.82
8.5.83
8.5.84
8.5.85
8.5.86
8.5.87
8.5.88
8.5.89
8.5.9
8.5.90
8.5.91
8.5.92
8.5.93
8.5.94
8.5.95
8.5.96
8.5.97
8.5.98
8.5.99
9.*
9.0.0
9.0.0-M1
9.0.0-M10
9.0.0-M11
9.0.0-M12
9.0.0-M13
9.0.0-M14
9.0.0-M15
9.0.0-M16
9.0.0-M17
9.0.0-M18
9.0.0-M19
9.0.0-M2
9.0.0-M20
9.0.0-M21
9.0.0-M22
9.0.0-M23
9.0.0-M24
9.0.0-M25
9.0.0-M26
9.0.0-M27
9.0.0-M3
9.0.0-M4
9.0.0-M5
9.0.0-M6
9.0.0-M7
9.0.0-M8
9.0.0-M9
9.0.1
9.0.10
9.0.100
9.0.101
9.0.102
9.0.103
9.0.104
9.0.105
9.0.106
9.0.107
9.0.108
9.0.109
9.0.11
9.0.110
9.0.111
9.0.112
9.0.113
9.0.114
9.0.115
9.0.12
9.0.13
9.0.14
9.0.15
9.0.16
9.0.17
9.0.18
9.0.19
9.0.2
9.0.20
9.0.21
9.0.22
9.0.23
9.0.24
9.0.25
9.0.26
9.0.27
9.0.28
9.0.29
9.0.3
9.0.30
9.0.31
9.0.32
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.4
9.0.40
9.0.41
9.0.42
9.0.43
9.0.44
9.0.45
9.0.46
9.0.47
9.0.48
9.0.49
9.0.5
9.0.50
9.0.51
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.57
9.0.58
9.0.59
9.0.6
9.0.60
9.0.61
9.0.62
9.0.63
9.0.64
9.0.65
9.0.66
9.0.67
9.0.68
9.0.69
9.0.7
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.77
9.0.78
9.0.79
9.0.8
9.0.80
9.0.81
9.0.82
9.0.83
9.0.84
9.0.85
9.0.86
9.0.87
9.0.88
9.0.89
9.0.9
9.0.90
9.0.91
9.0.92
9.0.93
9.0.94
9.0.95
9.0.96
9.0.97
9.0.98
9.0.99
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12616.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.0-beta"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.2-beta"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.4-beta"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.5-beta"
}
]
}
]