Remote code execution in Apache Tomcat 7.0

by holograham on 9/21/2017, 6:30 PM with 11 comments
  • by mdewinter on 9/21/2017, 6:56 PM

    Windows only, maybe the title can be changed.

  • by ryanlol on 9/21/2017, 6:56 PM

    It's 2017 and scanning /0 for PUT still reliably gets a bunch of shells...

  • by bastijn on 9/21/2017, 9:17 PM

    > "National Vulnerability Database The NVD is currently offline for scheduled maintenance.

    > Please check back again shortly. We apologize for the inconvenience.

    > Please direct any questions to nvd@nist.gov. Thank you."

    Perfect timing for hn Frontpage. Alt link: https://tomcat.apache.org/security-7.html

  • by nwrk on 9/21/2017, 9:39 PM

    CC: Equifax