Hi,

This we require in Windows systems. We will be looking at Windows 10. 
Spring Boot application in Microsoft Azure based.


Many thanks, 

Gulam Thakur
Software Developer, Synapse Dev Squad 
BP Sunbury, Bldg H, 1st floor
TW16 7LN
Mobile: +44 (0) 7443 243808 
E-mail: gulam.tha...@bp.com
             gulam.thakur-cic...@ibm.com




-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: 19 September 2017 14:10
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Fwd: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution 
via JSP upload

On 19/09/17 14:00, André Warnier (tomcat) wrote:
> Hello.
> 
> Did the issue below also affect the DAV application ?

Yes, as the WebDAV servlet also processes HTTP PUT requests.

The WebDAV servlet extends the Default servlet so they actually share the 
implementation.

> And if yes, also only under Windows ?

Yes. This is, as far as we can tell, Windows specific.

HTH,

Mark


> 
> -------- Forwarded Message --------
> Subject: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution 
> via JSP upload
> Date: Tue, 19 Sep 2017 11:58:44 +0100
> From: Mark Thomas <ma...@apache.org>
> Reply-To: Tomcat Users List <users@tomcat.apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>
> CC: annou...@tomcat.apache.org <annou...@tomcat.apache.org>, 
> annou...@apache.org, Tomcat Developers List <d...@tomcat.apache.org>
> 
> CVE-2017-7674 Apache Tomcat Remote Code Execution via JSP Upload
> 
> Severity: Important
> 
> Vendor: The Apache Software Foundation
> 
> Versions Affected:
> Apache Tomcat 7.0.0 to 7.0.79
> 
> Description:
> When running on Windows with HTTP PUTs enabled (e.g. via setting the 
> readonly initialisation parameter of the Default to false) it was 
> possible to upload a JSP file to the server via a specially crafted 
> request. This JSP could then be requested and any code it contained 
> would be executed by the server.
> 
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Tomcat 7.0.81 or later (7.0.80 was not released)
> 
> Credit:
> This issue was reported responsibly to the Apache Tomcat Security Team 
> by iswin from 360-sg-lab (360观星实验室)
> 
> History:
> 2017-09-19 Original advisory
> 
> References:
> [1] http://tomcat.apache.org/security-7.html
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

