Skip to main content

Apache Tomcat Arbitrary JSP Code Upload Vulnerability

Last Update Date: 17 Sep 2014 Release Date: 11 Sep 2014 4096 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in Apache Tomcat. A remote user can execute arbitrary code on the target system in certain cases.

 

A remote user can upload arbitrary JSP code and then cause the code to be executed in certain limited cases.


Impact

  • Remote Code Execution

System / Technologies affected

  • Versions 7.0.0 to 7.0.39

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (7.0.40)

Vulnerability Identifier


Source


Related Link