CVEs-PoC/2017/CVE-2017-12616.md

### [CVE-2017-12616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12616)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)

### Description

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CrackerCat/myhktools
- https://github.com/GhostTroops/myhktools
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/do0dl3/myhktools
- https://github.com/hktalent/myhktools
- https://github.com/iqrok/myhktools
- https://github.com/r0eXpeR/redteam_vul
- https://github.com/safe6Sec/PentestNote
- https://github.com/superfish9/pt
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trganda/dockerv
- https://github.com/trhacknon/myhktools
- https://github.com/woods-sega/woodswiki
- https://github.com/xiaokp7/Tomcat_PUT_GUI_EXP