Apache Tomcat Arbitrary JSP Code Upload Vulnerability
Last Update Date:
17 Sep 2014
Release Date:
11 Sep 2014
4096
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
A vulnerability has been identified in Apache Tomcat. A remote user can execute arbitrary code on the target system in certain cases.
A remote user can upload arbitrary JSP code and then cause the code to be executed in certain limited cases.
Impact
- Remote Code Execution
System / Technologies affected
- Versions 7.0.0 to 7.0.39
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (7.0.40)
Vulnerability Identifier
Source
Related Link
Share with