Описание
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | ignored | see notes |
| esm-apps/xenial | released | 7.0.68-1ubuntu0.4+esm3 |
| esm-infra-legacy/trusty | not-affected | 7.0.52-1ubuntu0.14 |
| esm-infra/focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | not-affected | 8.5.30-1ubuntu1 |
| cosmic | not-affected | 8.5.30-1ubuntu2 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | not-affected | 8.5.30-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it w ...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
EPSS
5 Medium
CVSS2
7.5 High
CVSS3