Apache Tomcat JSP Upload RCE
Impact: High
Description
Apache Tomcat is susceptible to a Remote Code Execution (RCE) vulnerability when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, attackers can upload a JSP file to the server. Subsequently, this JSP file can be requested, and any code it contains will be executed by the server.
Recommendation
To mitigate this vulnerability, it is recommended to upgrade to the latest stable version of Apache Tomcat. Additionally, ensure that the readonly parameter is set to true in the servlet configurations:
<servlet>
  <servlet-name>HelloWorld</servlet-name>
  <servlet-class>HelloWorldServlet</servlet-class>
  <init-param>
    <param-name>readonly</param-name>
    <param-value>true</param-value>
  </init-param>
</servlet>
Last updated on May 13, 2024