Description
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Report
VirtualDirContext is not designed to be used in production, but only to ease development with IDEs without needing to fully republish jars in WEB-INF/lib.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | tomcat5 | Not affected | | |
Red Hat Enterprise Linux 6 | tomcat6 | Will not fix | | |
Red Hat Enterprise Linux 7 | tomcat | Will not fix | | |
Red Hat JBoss Data Grid 6 | jbossweb | Not affected | | |
Red Hat JBoss Data Virtualization 6 | jbossweb | Not affected | | |
Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Will not fix | | |
Red Hat JBoss Enterprise Web Server 2 | tomcat7 | Will not fix | | |
Red Hat JBoss Fuse 6 | jbossweb | Not affected | | |
Red Hat JBoss Operations Network 3 | jbossweb | Will not fix | | |
Red Hat JBoss Portal 6 | jbossweb | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat