### [CVE-2017-12616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12616)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20to%207.0.80%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brightgreen)

### Description

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CrackerCat/myhktools
- https://github.com/GhostTroops/myhktools
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/brunsu/woodswiki
- https://github.com/do0dl3/myhktools
- https://github.com/dusbot/cpe2cve
- https://github.com/hktalent/myhktools
- https://github.com/iqrok/myhktools
- https://github.com/r0eXpeR/redteam_vul
- https://github.com/safe6Sec/PentestNote
- https://github.com/superfish9/pt
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trganda/dockerv
- https://github.com/trhacknon/myhktools
- https://github.com/woods-sega/woodswiki
- https://github.com/xiaokp7/Tomcat_PUT_GUI_EXP