The body of the original advisory referred to CVE-2017-7674. This was
incorrect. It was a copy and paste error from a previous Tomcat advisory.
The correct CVE reference is CVE-2017-12615, as per the subject line.
On 19/09/17 11:58, Mark Thomas wrote:
> CVE-2017-12615 Apache Tomcat Remote Code
CVE-2017-7674 Apache Tomcat Remote Code Execution via JSP Upload
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 7.0.0 to 7.0.79
Description:
When running on Windows with HTTP PUTs enabled (e.g. via setting the
readonly initialisation parameter of
