UBUNTU-CVE-2017-12616
Advisory lineage Upstream: 1 Downstream: 2
Published: 19 Sept 2017, 00:00
Last modified: 04 Feb 2026, 03:44
Vulnerability Summary
- Overall Risk (default): medium, 30/100
- CVSS Score: 7.5 HIGH, 3.0 (osv_ubuntu)
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 19 Sept 2017, 00:00: Published. Vulnerability first disclosed
- 04 Feb 2026, 03:44: Last Modified. Vulnerability information updated
Description
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
CVSS Metrics
- v3.0 • HIGH • Score: 7.5 • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Systems
- ubuntu • tomcat7: < 7.0.52-1ubuntu0.14 | < 7.0.68-1ubuntu0.4+esm3 | all
References (6)
- https://ubuntu.com/security/CVE-2017-12616
- https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
- https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6@%3Cannounce.tomcat.apache.org%3E
- https://ubuntu.com/security/notices/USN-3665-1
- https://www.cve.org/CVERecord?id=CVE-2017-12616
- https://ubuntu.com/security/notices/USN-7282-1