CVE-2017-12615 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-409	tomcat7	7.0.80-1		High	Not affected

References
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201709.mbox/%3C81e3acd3-f335-ff0d-ae89-bf44bb66fca0%40apache.org%3E http://svn.apache.org/viewvc?view=revision&revision=1804729 http://svn.apache.org/viewvc?view=revision&revision=1804604

References

https://mail-archives.apache.org/mod_mbox/tomcat-announce/201709.mbox/%3C81e3acd3-f335-ff0d-ae89-bf44bb66fca0%40apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1804729
http://svn.apache.org/viewvc?view=revision&revision=1804604

Notes
Only affects Windows systems.