When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "libservlet3.0-java" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "libservlet3.0-java-doc" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "libtomcat7-java" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "tomcat7" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "tomcat7-admin" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "tomcat7-common" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "tomcat7-docs" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "tomcat7-examples" }, { "binary_version": "7.0.52-1ubuntu0.14", "binary_name": "tomcat7-user" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "8.5.30-1ubuntu1", "binary_name": "libservlet3.1-java" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "libservlet3.1-java-doc" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "libtomcat8-embed-java" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "libtomcat8-java" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "tomcat8" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "tomcat8-admin" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "tomcat8-common" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "tomcat8-docs" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "tomcat8-examples" }, { "binary_version": "8.5.30-1ubuntu1", "binary_name": "tomcat8-user" } ] }