On 22/09/17 10:36, Maarten van Hulsentop wrote:
> I have tried to reproduce this issue on a fresh Tomcat 7.0.78 installation.
> The issue can indeed easily be reproduced on the default servlet by setting
> the readonly property to false. After that, it is possible to PUT the jsp
> and the GET reque
Hello,
On Wed 20 Sep 2017 at 09:27, Mark Thomas wrote:
> On 19/09/17 14:10, Mark Thomas wrote:
> > On 19/09/17 14:00, André Warnier (tomcat) wrote:
> >> Hello.
> >>
> >> Did the issue below also affect the DAV application ?
> >
> > Yes, as the WebDAV servlet also processes HTTP PUT requests.
>
On 19/09/17 14:10, Mark Thomas wrote:
> On 19/09/17 14:00, André Warnier (tomcat) wrote:
>> Hello.
>>
>> Did the issue below also affect the DAV application ?
>
> Yes, as the WebDAV servlet also processes HTTP PUT requests.
>
> The WebDAV servlet extends the Default servlet so they actually share
-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: 19 September 2017 14:10
To: Tomcat Users List
Subject: Re: Fwd: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution
via JSP upload
On 19/09/17 14:00, André Warnier (tomcat) wrote:
> Hello.
>
> Did the issue below also affec
On 19/09/17 14:00, André Warnier (tomcat) wrote:
> Hello.
>
> Did the issue below also affect the DAV application ?
Yes, as the WebDAV servlet also processes HTTP PUT requests.
The WebDAV servlet extends the Default servlet so they actually share
the implementation.
> And if yes, also only unde
Hello.
Did the issue below also affect the DAV application ?
And if yes, also only under Windows ?
Forwarded Message
Subject: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP
upload
Date: Tue, 19 Sep 2017 11:58:44 +0100
From: Mark Thomas
Reply-To: Tomcat