When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 7.0 (including) | 7.0 (including) |
Tomcat | Apache | 7.0.0 (including) | 7.0.0 (including) |
Tomcat | Apache | 7.0.0-beta (including) | 7.0.0-beta (including) |
Tomcat | Apache | 7.0.1 (including) | 7.0.1 (including) |
Tomcat | Apache | 7.0.2 (including) | 7.0.2 (including) |
Tomcat | Apache | 7.0.2-beta (including) | 7.0.2-beta (including) |
Tomcat | Apache | 7.0.3 (including) | 7.0.3 (including) |
Tomcat | Apache | 7.0.4 (including) | 7.0.4 (including) |
Tomcat | Apache | 7.0.4-beta (including) | 7.0.4-beta (including) |
Tomcat | Apache | 7.0.5 (including) | 7.0.5 (including) |
Tomcat | Apache | 7.0.5-beta (including) | 7.0.5-beta (including) |
Tomcat | Apache | 7.0.6 (including) | 7.0.6 (including) |
Tomcat | Apache | 7.0.7 (including) | 7.0.7 (including) |
Tomcat | Apache | 7.0.8 (including) | 7.0.8 (including) |
Tomcat | Apache | 7.0.9 (including) | 7.0.9 (including) |
Tomcat | Apache | 7.0.10 (including) | 7.0.10 (including) |
Tomcat | Apache | 7.0.11 (including) | 7.0.11 (including) |
Tomcat | Apache | 7.0.12 (including) | 7.0.12 (including) |
Tomcat | Apache | 7.0.13 (including) | 7.0.13 (including) |
Tomcat | Apache | 7.0.14 (including) | 7.0.14 (including) |
Tomcat | Apache | 7.0.15 (including) | 7.0.15 (including) |
Tomcat | Apache | 7.0.16 (including) | 7.0.16 (including) |
Tomcat | Apache | 7.0.17 (including) | 7.0.17 (including) |
Tomcat | Apache | 7.0.18 (including) | 7.0.18 (including) |
Tomcat | Apache | 7.0.19 (including) | 7.0.19 (including) |
Tomcat | Apache | 7.0.20 (including) | 7.0.20 (including) |
Tomcat | Apache | 7.0.21 (including) | 7.0.21 (including) |
Tomcat | Apache | 7.0.22 (including) | 7.0.22 (including) |
Tomcat | Apache | 7.0.23 (including) | 7.0.23 (including) |
Tomcat | Apache | 7.0.24 (including) | 7.0.24 (including) |
Tomcat | Apache | 7.0.25 (including) | 7.0.25 (including) |
Tomcat | Apache | 7.0.26 (including) | 7.0.26 (including) |
Tomcat | Apache | 7.0.27 (including) | 7.0.27 (including) |
Tomcat | Apache | 7.0.28 (including) | 7.0.28 (including) |
Tomcat | Apache | 7.0.29 (including) | 7.0.29 (including) |
Tomcat | Apache | 7.0.30 (including) | 7.0.30 (including) |
Tomcat | Apache | 7.0.31 (including) | 7.0.31 (including) |
Tomcat | Apache | 7.0.32 (including) | 7.0.32 (including) |
Tomcat | Apache | 7.0.33 (including) | 7.0.33 (including) |
Tomcat | Apache | 7.0.34 (including) | 7.0.34 (including) |
Tomcat | Apache | 7.0.35 (including) | 7.0.35 (including) |
Tomcat | Apache | 7.0.36 (including) | 7.0.36 (including) |
Tomcat | Apache | 7.0.37 (including) | 7.0.37 (including) |
Tomcat | Apache | 7.0.38 (including) | 7.0.38 (including) |
Tomcat | Apache | 7.0.39 (including) | 7.0.39 (including) |
Tomcat | Apache | 7.0.40 (including) | 7.0.40 (including) |
Tomcat | Apache | 7.0.41 (including) | 7.0.41 (including) |
Tomcat | Apache | 7.0.42 (including) | 7.0.42 (including) |
Tomcat | Apache | 7.0.43 (including) | 7.0.43 (including) |
Tomcat | Apache | 7.0.44 (including) | 7.0.44 (including) |
Tomcat | Apache | 7.0.45 (including) | 7.0.45 (including) |
Tomcat | Apache | 7.0.46 (including) | 7.0.46 (including) |
Tomcat | Apache | 7.0.47 (including) | 7.0.47 (including) |
Tomcat | Apache | 7.0.48 (including) | 7.0.48 (including) |
Tomcat | Apache | 7.0.49 (including) | 7.0.49 (including) |
Tomcat | Apache | 7.0.50 (including) | 7.0.50 (including) |
Tomcat | Apache | 7.0.51 (including) | 7.0.51 (including) |
Tomcat | Apache | 7.0.54 (including) | 7.0.54 (including) |
Tomcat | Apache | 7.0.55 (including) | 7.0.55 (including) |
Tomcat | Apache | 7.0.56 (including) | 7.0.56 (including) |
Tomcat | Apache | 7.0.57 (including) | 7.0.57 (including) |
Tomcat | Apache | 7.0.58 (including) | 7.0.58 (including) |
Tomcat | Apache | 7.0.59 (including) | 7.0.59 (including) |
Tomcat | Apache | 7.0.60 (including) | 7.0.60 (including) |
Tomcat | Apache | 7.0.61 (including) | 7.0.61 (including) |
Tomcat | Apache | 7.0.62 (including) | 7.0.62 (including) |
Tomcat | Apache | 7.0.63 (including) | 7.0.63 (including) |
Tomcat | Apache | 7.0.64 (including) | 7.0.64 (including) |
Tomcat | Apache | 7.0.65 (including) | 7.0.65 (including) |
Tomcat | Apache | 7.0.66 (including) | 7.0.66 (including) |
Tomcat | Apache | 7.0.67 (including) | 7.0.67 (including) |
Tomcat | Apache | 7.0.68 (including) | 7.0.68 (including) |
Tomcat | Apache | 7.0.69 (including) | 7.0.69 (including) |
Tomcat | Apache | 7.0.70 (including) | 7.0.70 (including) |
Tomcat | Apache | 7.0.71 (including) | 7.0.71 (including) |
Tomcat | Apache | 7.0.72 (including) | 7.0.72 (including) |
Tomcat | Apache | 7.0.73 (including) | 7.0.73 (including) |
Tomcat | Apache | 7.0.74 (including) | 7.0.74 (including) |
Tomcat | Apache | 7.0.75 (including) | 7.0.75 (including) |
Tomcat | Apache | 7.0.76 (including) | 7.0.76 (including) |
Tomcat | Apache | 7.0.77 (including) | 7.0.77 (including) |
Tomcat | Apache | 7.0.79 (including) | 7.0.79 (including) |