CVE-2017-12615 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Group Package Affected Fixed Severity Status Ticket
AVG-409 tomcat7 7.0.80-1 High Not affected
References
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201709.mbox/%3C81e3acd3-f335-ff0d-ae89-bf44bb66fca0%40apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1804729
http://svn.apache.org/viewvc?view=revision&revision=1804604
Notes
Only affects Windows systems.