Am 01.10.2017 um 20:10 schrieb ma...@apache.org: > Author: markt > Date: Sun Oct 1 18:10:45 2017 > New Revision: 1810270 > > URL: http://svn.apache.org/viewvc?rev=1810270&view=rev > Log: > Add CVE-2017-12617 > ... > +<p>When running on Windows with HTTP PUTs enabled (e.g. via setting the > + <code>readonly</code> initialisation parameter of the Default to > false) > + it was possible to upload a JSP file to the server via a specially > + crafted request. This JSP could then be requested and any code it > + contained would be executed by the server.</p> ...
It seems the description (for TC 7, 8 and 9) was copied from CVE-2017-12615, thus only refers to Windows and the Default servlet. Your original description of the topic was broader. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
