Apache Tomcat RCE via JSP Upload


A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.


Security News: https://securitydaily.org

Disclaimer: All information and software available on this site are for educational purposes only. Use these at your own discretion, the site owners cannot be held responsible for any damages caused. The views expressed on this site are our own and do not necessarily reflect those of our employers. If you don't know how to attack, you will not know how to defense.

Apache Tomcat RCE via JSP Upload Apache Tomcat RCE via JSP Upload Reviewed by Anonymous on January 12, 2018 Rating: 5