Description
When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Remediation
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 7.0.81
References
Related Vulnerabilities
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.11)
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)