
CVE-2017-12615

Severity

8.1

Description

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Project

Category
Remote Code Execution
Tags
data
operational
Date Disclosed

2017-09-19

Date Discovered

2017-08-07
