GHSA-8qq4-8jvq-mfw4

Source
https://github.com/advisories/GHSA-8qq4-8jvq-mfw4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8qq4-8jvq-mfw4/GHSA-8qq4-8jvq-mfw4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8qq4-8jvq-mfw4
Aliases
Published
2022-05-14T01:10:16Z
Modified
2024-02-20T05:33:03.833090Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Details

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80, it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

References

Affected packages

Maven / org.apache.tomcat:tomcat-catalina

Package

Name
org.apache.tomcat:tomcat-catalina
Purl
pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.81

Affected versions

7.*

7.0.0
7.0.2
7.0.4
7.0.5
7.0.6
7.0.8
7.0.11
7.0.12
7.0.14
7.0.16
7.0.19
7.0.20
7.0.21
7.0.22
7.0.23
7.0.25
7.0.26
7.0.27
7.0.28
7.0.29
7.0.30
7.0.32
7.0.33
7.0.34
7.0.35
7.0.37
7.0.39
7.0.40
7.0.41
7.0.42
7.0.47
7.0.50
7.0.52
7.0.53
7.0.54
7.0.55
7.0.56
7.0.57
7.0.59
7.0.61
7.0.62
7.0.63
7.0.64
7.0.65
7.0.67
7.0.68
7.0.69
7.0.70
7.0.72
7.0.73
7.0.75
7.0.76
7.0.77
7.0.78
7.0.79

Database specific

{
    "last_known_affected_version_range": "<= 7.0.80"
}