Apache Tomcat PUT method JSP upload
Added: 10/13/2017
BID: 100954

Background
Apache Tomcat is a Java web application platform.

Problem
A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file.

Resolution
Upgrade to Apache Tomcat 7.0.82, 8.0.47, 8.5.22, or 9.0.0 or higher.

References
https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

Limitations
This exploit creates a web shell called sntxp.jsp which must be removed from the target manually after successful exploitation.
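
To check a server for the upload-then-request sequence described under Problem, including a leftover sntxp.jsp, the following added example (not part of the original advisory) scans an access log for a successful PUT of a JSP path followed by requests for that path. It assumes the log uses Tomcat's AccessLogValve "common" pattern; the function names and the sample log lines are constructed for illustration.

```python
import re
from typing import NamedTuple

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+$')

class Finding(NamedTuple):
    path: str
    uploaded_by: str
    uploaded_at: str
    requested_by: list  # clients that later fetched the uploaded path

def normalise(uri):
    """Drop the query string and trailing slashes, lowercase the path."""
    return uri.split("?", 1)[0].rstrip("/").lower()

def find_jsp_uploads(lines):
    """Return one Finding per JSP path that was written with PUT."""
    uploads = {}  # normalised path -> Finding
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed log format
        path, status = normalise(m["uri"]), int(m["status"])
        if m["method"] == "PUT" and path.endswith((".jsp", ".jspx")):
            # 201 Created / 204 No Content: the server stored the body
            if status in (201, 204):
                uploads.setdefault(path, Finding(path, m["host"], m["time"], []))
        elif path in uploads and m["method"] in ("GET", "POST") and status == 200:
            uploads[path].requested_by.append(m["host"])
    return list(uploads.values())

# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE_LOG = """\
198.51.100.7 - - [13/Oct/2017:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 1024
198.51.100.7 - - [13/Oct/2017:10:01:05 +0000] "PUT /sntxp.jsp HTTP/1.1" 201 -
198.51.100.7 - - [13/Oct/2017:10:01:06 +0000] "GET /sntxp.jsp?a=1 HTTP/1.1" 200 87
203.0.113.9 - - [13/Oct/2017:10:02:00 +0000] "PUT /notes.txt HTTP/1.1" 201 -
203.0.113.9 - - [13/Oct/2017:10:03:00 +0000] "PUT /probe.jsp HTTP/1.1" 403 -
""".splitlines()

if __name__ == "__main__":
    for f in find_jsp_uploads(SAMPLE_LOG):
        print(f"{f.path}: PUT by {f.uploaded_by} at {f.uploaded_at}, "
              f"later requested by {f.requested_by or 'nobody'}")
```

A finding with an empty `requested_by` list still means a JSP file was written to the server and should be located and removed.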