Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201709-17 ========================================= Severity: Medium Date : 2017-09-19 CVE-ID : CVE-2017-12616 Package : tomcat7 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-408 Summary ====== The package tomcat7 before version 7.0.81-1 is vulnerable to information disclosure. Resolution ========= Upgrade to 7.0.81-1. # pacman -Syu "tomcat7>=7.0.81-1" The problem has been fixed upstream in version 7.0.81. Workaround ========= None. Description ========== It has been discovered that tomcat version 7.0.80 and before are vulnerable to information disclosure. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. Impact ===== A remote attacker is able to view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. References ========= https://tomcat.apache.org/security-7.html https://lists.apache.org/thread/%This email address is being protected from spambots. You need JavaScript enabled to view it. %3E https://security.archlinux.org/CVE-2017-12616