- When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Users of the affected versions should apply one of the following
- Upgrade to Apache Tomcat 7.0.81
- WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)
- Atlassian Confluence Access Restriction Bypass
- Apache server-status enabled
- WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)
- WordPress Plugin Simple History Information Disclosure (2.7.4)