CVE-2017-12616
security constraints bypass vulnerability in org.apache.tomcat:tomcat-catalina

What is CVE-2017-12616 About?

This vulnerability allows for bypassing security constraints and/or viewing JSP source code in Apache Tomcat when using VirtualDirContext. Attackers can achieve this with a specially crafted request, potentially leading to unauthorized information disclosure. Exploitation ease is moderate due to the need for specific configuration and request crafting.

Affected Software

org.apache.tomcat:tomcat-catalina >7.0.0, <7.0.81

Technical Details

The vulnerability exists in Apache Tomcat versions 7.0.0 to 7.0.80 when using a VirtualDirContext. A specially crafted request can exploit this configuration, allowing an attacker to bypass intended security constraints set up for resources served by the VirtualDirContext. This bypass can also lead to the disclosure of JSP source code, which would normally be executed server-side and not exposed directly. The mechanism likely involves misinterpretation of the request path by the VirtualDirContext, leading it to serve unauthorized content or bypass access controls.

What is the Impact of CVE-2017-12616?

Successful exploitation may allow attackers to gain unauthorized access to restricted resources, bypass security controls, and/or obtain sensitive information such as application source code.

What is the Exploitability of CVE-2017-12616?

Exploitation requires the use of VirtualDirContext with vulnerable Apache Tomcat versions. It is of moderate complexity, as it involves crafting a specific request to exploit path handling or access control logic. No authentication is explicitly mentioned as required for access to the vulnerable endpoint, implying it could be unauthenticated depending on the resource. Privilege requirements would be those of a standard web user. The attack is remote and targets the web server. The presence of a VirtualDirContext and insecure configuration of access controls are key risk factors increasing the likelihood of successful exploitation.
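The two preconditions above (a Tomcat version in the affected range and a configured VirtualDirContext) can be checked together. The following Python sketch is an added example, not code from the advisory or from Tomcat; the `<Resources className="..." extraResourcePaths="...">` layout reflects the usual Tomcat 7 way of declaring a VirtualDirContext and is an assumption here, as are the function names and the constructed sample XML.

```python
import re
import xml.etree.ElementTree as ET

# Range from this page: 7.0.0 to 7.0.80 affected, fixed in 7.0.81.
FIRST_AFFECTED = (7, 0, 0)
FIRST_FIXED = (7, 0, 81)

# Constructed sample context.xml contents (not taken from any real deployment).
SAMPLE_WITH_VDC = """<Context>
  <Resources className="org.apache.naming.resources.VirtualDirContext"
             extraResourcePaths="/static=/srv/shared/static"/>
</Context>"""
SAMPLE_PLAIN = "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Apache Tomcat/7.0.79'; None if absent."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in match.groups()) if match else None


def virtual_dir_contexts(context_xml):
    """Return the extraResourcePaths of each <Resources> backed by VirtualDirContext."""
    root = ET.fromstring(context_xml)
    return [
        element.get("extraResourcePaths", "")
        for element in root.iter("Resources")
        if element.get("className", "").strip().endswith("VirtualDirContext")
    ]


def assess(version_text, context_xml):
    """Classify one deployment as (status, list of VirtualDirContext mappings)."""
    version = parse_version(version_text)
    if version is None:
        return ("unknown-version", [])
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        return ("not-in-range", [])
    mappings = virtual_dir_contexts(context_xml)
    if mappings:
        return ("exposed", mappings)
    return ("in-range-no-virtualdircontext", [])


if __name__ == "__main__":
    print(assess("Apache Tomcat/7.0.79", SAMPLE_WITH_VDC))
    print(assess("Apache Tomcat/7.0.81", SAMPLE_WITH_VDC))
    print(assess("7.0.80", SAMPLE_PLAIN))
```

A result of `in-range-no-virtualdircontext` still calls for the upgrade listed under the available fixes; it only means the specific precondition described on this page was not found in the file that was inspected.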

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2017-12616?

Available Upgrade Options

  • org.apache.tomcat:tomcat-catalina
    • >7.0.0, <7.0.81 → Upgrade to 7.0.81

What are Similar Vulnerabilities to CVE-2017-12616?

Similar Vulnerabilities: CVE-2014-0096, CVE-2020-1938, CVE-2021-25329, CVE-2022-23221, CVE-2022-45133