Arjen Knibbe

#50511 of 53,632
4.6 Total CVSS
Vulnerabilities · 1
PT-2011-3901
4.6
2011-07-19
Apache · Apache Tomcat · CVE-2011-2481
**Name of the Vulnerable Software and Affected Versions**

Apache Tomcat versions 7.0.0 through 7.0.16

**Description**

The issue allows local users to read or modify the web.xml, context.xml, or tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. This occurs because of a regression of a previously reported issue, which was re-introduced during the re-factoring of XML validation for Tomcat 7.0.x. If a web application is the first to be loaded, it may potentially view and/or alter the files of other web applications deployed on the Tomcat instance.

**Recommendations**

For Apache Tomcat versions 7.0.0 through 7.0.16, update to version 7.0.17 or later to resolve the issue.