Apache Tomcat Information Disclosure

Description
  • When using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Remediation
  • Users of the affected versions should apply one of the following mitigations:
    • Upgrade to Apache Tomcat 7.0.81
References