Hi,

We require this on Windows systems. We will be looking at Windows 10.
It is a Spring Boot application based in Microsoft Azure.


Many thanks, 

Gulam Thakur
Software Developer, Synapse Dev Squad 
BP Sunbury, Bldg H, 1st floor
TW16 7LN


Mobile: +44 (0) 7443 243808 
E-mail: gulam.tha...@bp.com
             gulam.thakur-cic...@ibm.com





-----Original Message-----
From: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Sent: 19 September 2017 14:00
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Fwd: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via 
JSP upload

Hello.

Did the issue below also affect the DAV application?
And if yes, also only under Windows?

-------- Forwarded Message --------
Subject: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP 
upload
Date: Tue, 19 Sep 2017 11:58:44 +0100
From: Mark Thomas <ma...@apache.org>
Reply-To: Tomcat Users List <users@tomcat.apache.org>
To: Tomcat Users List <users@tomcat.apache.org>
CC: annou...@tomcat.apache.org <annou...@tomcat.apache.org>, 
annou...@apache.org, Tomcat Developers List <d...@tomcat.apache.org>

CVE-2017-7674 Apache Tomcat Remote Code Execution via JSP Upload

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 7.0.0 to 7.0.79

Description:
When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly 
initialisation parameter of the Default to false) it was possible to upload a 
JSP file to the server via a specially crafted request. This JSP could then be 
requested and any code it contained would be executed by the server.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 7.0.81 or later (7.0.80 was not released)

Credit:
This issue was reported responsibly to the Apache Tomcat Security Team by iswin 
from 360-sg-lab (360观星实验室)

History:
2017-09-19 Original advisory

References:
[1] http://tomcat.apache.org/security-7.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
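
The following is an added example, not part of the advisory or of Tomcat's own code: a configuration audit that checks the three conditions the advisory names (a version from 7.0.0 to 7.0.79, running on Windows, and a servlet whose readonly initialisation parameter is false). The function names and the sample web.xml are constructed for illustration, and versions are assumed to be plain dotted numbers.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the advisory): the Default servlet
# with readonly set to false, which enables HTTP PUT.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

AFFECTED_LOW, AFFECTED_HIGH = (7, 0, 0), (7, 0, 79)  # range stated in the advisory


def local(tag):
    """Strip the XML namespace so the check works with any web.xml schema version."""
    return tag.rsplit("}", 1)[-1]


def writable_servlets(web_xml_text):
    """Return (servlet-name, servlet-class) for every servlet with readonly=false."""
    found = []
    root = ET.fromstring(web_xml_text)
    for servlet in (e for e in root.iter() if local(e.tag) == "servlet"):
        fields = {local(c.tag): (c.text or "").strip() for c in servlet}
        for init in (c for c in servlet if local(c.tag) == "init-param"):
            param = {local(p.tag): (p.text or "").strip() for p in init}
            if (param.get("param-name") == "readonly"
                    and param.get("param-value", "").lower() == "false"):
                found.append((fields.get("servlet-name"), fields.get("servlet-class")))
    return found


def version_affected(version):
    """True if a dotted version such as '7.0.79' lies inside the advisory's range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return AFFECTED_LOW <= parts <= AFFECTED_HIGH


def exposed(version, on_windows, web_xml_text):
    """All three conditions from the advisory must hold at once."""
    return (version_affected(version) and on_windows
            and bool(writable_servlets(web_xml_text)))
```

Run it against both conf/web.xml and each application's WEB-INF/web.xml, since a servlet can be declared in either place.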



