CVE-2017-12615 - log back

CVE-2017-12615 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
References
+ https://mail-archives.apache.org/mod_mbox/tomcat-announce/201709.mbox/%3C81e3acd3-f335-ff0d-ae89-bf44bb66fca0%40apache.org%3E
+ http://svn.apache.org/viewvc?view=revision&revision=1804729
+ http://svn.apache.org/viewvc?view=revision&revision=1804604
Notes
+ Only affects Windows systems.