CVE-2017-12615 log

Severity High
Remote Yes
Type Arbitrary code execution
It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Group Package Affected Fixed Severity Status Ticket
AVG-409 tomcat7 7.0.80-1 High Not affected
Only affects Windows systems.