Question
A Tomcat server is vulnerable to CVE-2017-12616
in case VirtualDirContext
is used.
Can OA UI service be affected?
Answer
No, VirtualDirContext
is not enabled by default:
[root@ui conf]# grep -r 'VirtualDirContext' /usr/local/apache-tomcat-7.0.55/conf/*
[empty output]
[root@ui conf]# grep -r 'VirtualDirContext' /usr/local/pem/etc/ui/conf/*
[empty output]