Vulnerability CVE-2017-12616 - CERT Civis.Net

Vulnerability Name:

CVE-2017-12616 (CCN-132276)

Assigned:

2017-09-19

Published:

2017-09-19

Updated:

2019-04-15

Summary:

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2017-12616

Source: CCN
Type: IBM Security Bulletin 2010523 (Rational Build Forge)
Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade

Source: CCN
Type: IBM Security Bulletin 2010577 (Tivoli Application Dependency Discovery Manager)
Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)

Source: CCN
Type: IBM Security Bulletin 2011364 (OpenPages GRC Platform)
IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 2017032 (WebSphere Cast Iron Cloud integration)
IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
100897

Source: CCN
Type: BID-100897
Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039393

Source: REDHAT
Type: UNKNOWN
RHSA-2018:0465

Source: REDHAT
Type: UNKNOWN
RHSA-2018:0466

Source: XF
Type: UNKNOWN
apache-tomcat-cve201712616-info-disc(132276)

Source: CCN
Type: Apache Web site
CVE-2017-12616 Apache Tomcat Information Disclosure

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20170919 [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20171018-0001/

Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

Source: UBUNTU
Type: UNKNOWN
USN-3665-1

Source: CONFIRM
Type: UNKNOWN
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.51:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.58:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.60:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.66:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.67:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.68:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.69:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.70:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.71:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.72:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.73:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.74:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.75:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.76:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.77:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.79:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.80:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.78:*:*:*:*:*:*:*

AND

cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:openpages_grc_platform:7.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201712616	V	CVE-2017-12616	2022-05-22
oval:org.opensuse.security:def:41191	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:42006	P	libpython2_6-1_0-2.6.0-8.9.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42051	P	tar-1.20-23.23.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:40849	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:18764	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:41317	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:41127	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18908	P	Security update for webkit2gtk3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:40416	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:19183	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:18980	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:40519	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:19219	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:19125	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:40780	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:18729	P	Security update for PackageKit (Important)	2020-12-01
oval:org.opensuse.security:def:19883	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:41288	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:40951	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:18850	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:18721	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:41368	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18942	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:40427	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:19195	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:19092	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:40671	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:40415	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:19857	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:41243	P	Security update for bzip2 (Important)	2020-12-01
oval:com.ubuntu.bionic:def:2017126160000000	V	CVE-2017-12616 on Ubuntu 18.04 LTS (bionic) - medium.	2017-09-19
oval:com.ubuntu.artful:def:201712616000	V	CVE-2017-12616 on Ubuntu 17.10 (artful) - medium.	2017-09-19
oval:com.ubuntu.xenial:def:201712616000	V	CVE-2017-12616 on Ubuntu 16.04 LTS (xenial) - medium.	2017-09-19
oval:com.ubuntu.xenial:def:2017126160000000	V	CVE-2017-12616 on Ubuntu 16.04 LTS (xenial) - medium.	2017-09-19
oval:com.ubuntu.bionic:def:201712616000	V	CVE-2017-12616 on Ubuntu 18.04 LTS (bionic) - medium.	2017-09-19
oval:com.ubuntu.cosmic:def:201712616000	V	CVE-2017-12616 on Ubuntu 18.10 (cosmic) - medium.	2017-09-19
oval:com.ubuntu.cosmic:def:2017126160000000	V	CVE-2017-12616 on Ubuntu 18.10 (cosmic) - medium.	2017-09-19
oval:com.ubuntu.trusty:def:201712616000	V	CVE-2017-12616 on Ubuntu 14.04 LTS (trusty) - medium.	2017-09-19