When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 02:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-09-19 13:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-12615
Mitre link : CVE-2017-12615
CVE.ORG link : CVE-2017-12615
JSON object : View
Products Affected
apache
- tomcat
microsoft
- windows
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type