No, we don't use org.apache.catalina.valves.rewrite.RewriteValve
which means that we are not affected?
Still I don't understand how PUT could do this if our PUT does not manipulate
files.
PUT is done by
@PUT
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
-Harri
-----Original Message-----
From: Mark Thomas <[email protected]>
Sent: maanantai 24. marraskuuta 2025 11.29
To: [email protected]
Subject: Re: About CVE-2025-55752 - PUT to /WEB-INF/ or /META-INF/
On 24/11/2025 08:54, Harri Pesonen via users wrote:
> If we have restful application that implements PUT for JSON and XML, then are
> we affected by this?
> I don't understand how client could upload something to /WEB-INF/ or
> /META-INF/ by PUT?
Is the re-write valve enabled for that web application?
If yes, do any of the rewrite rules rewrite one or more query parameters to the
URL?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
