vulnerability

Apache Tomcat: Important: Information Disclosure (CVE-2017-12616)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 19, 2017

Added

Sep 21, 2017

Modified

Jun 19, 2026

Description

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Solutions

apache-tomcat-upgrade-7_0_81apache-tomcat-7_0apache-tomcat-upgrade-latest

References

CVE-2017-12616
https://attackerkb.com/topics/CVE-2017-12616
https://tomcat.apache.org/security-7.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3217
CWE-200
EUVD-EUVD-2022-3217

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report