Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apache Tomcat Remote Code Execution Vulnerability via JSP Upload

Vulnerability

A remote code execution vulnerability has been identified in Apache Tomcat versions 7.0.0 to 7.0.79, running on Windows. When HTTP PUT requests are enabled, it is possible to upload a JSP file to the server through a specially crafted request. The uploaded JSP file can then be accessed, and any code it contains will be executed by the server. This vulnerability arises from insufficient validation of file uploads, allowing malicious JSP files to be uploaded and executed.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server.

Reproduction

To reproduce this vulnerability, upload a JSP file using the HTTP PUT method, appending a '/' to the file name to bypass extension checks. Ensure that the 'readonly' parameter of the Default servlet is set to false, and that the WebDAV servlet is not mapped to interfere with the upload.

Remediation

Users should upgrade to Apache Tomcat version 7.0.81 or later. For Red Hat JBoss Web Server users, version 3.1.0 Service Pack 2 is available.
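An added detection example, not part of the original advisory: it scans Tomcat access-log lines in the default common format for PUT requests aimed at a JSP file, including the trailing-slash form described above, and pairs each successful write with a later request that reached the created file. The log lines are constructed sample data, and the assumption that the file written is the PUT path without its trailing '/' is mine, not a statement from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Tomcat's default "common" access-log pattern; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [14/May/2026:06:01:12 +0000] "GET /index.jsp HTTP/1.1" 200 1532
10.0.0.9 - - [14/May/2026:06:02:44 +0000] "PUT /shell.jsp/ HTTP/1.1" 201 0
10.0.0.9 - - [14/May/2026:06:02:51 +0000] "GET /shell.jsp?x=1 HTTP/1.1" 200 87
10.0.0.7 - - [14/May/2026:06:03:10 +0000] "PUT /docs/notes.txt HTTP/1.1" 201 0
10.0.0.9 - - [14/May/2026:06:03:30 +0000] "PUT /x.jsp%2f HTTP/1.1" 201 0
10.0.0.9 - - [14/May/2026:06:04:00 +0000] "PUT /a.jsp HTTP/1.1" 403 0
"""

# host ident user [time] "method path protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# A request path ending in .jsp, with or without the trailing '/' the advisory mentions.
JSP_TARGET = re.compile(r'\.jsp/?$', re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line; None if it does not match the common pattern."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string and percent-decode, so "/x.jsp%2f" is seen as "/x.jsp/".
    rec["path"] = unquote(rec["path"].split("?", 1)[0])
    return rec


def find_jsp_put_attempts(log_text):
    """Every PUT aimed at a JSP file, whatever the server answered (403 = refused, 201 = written)."""
    return [(r["host"], r["path"], r["status"])
            for r in map(parse_line, log_text.splitlines())
            if r and r["method"] == "PUT" and JSP_TARGET.search(r["path"])]


def find_confirmed_uploads(log_text):
    """Pair each 2xx JSP PUT with a later non-PUT 2xx request for the file it would have created."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    confirmed = []
    for i, r in enumerate(records):
        if r["method"] != "PUT" or not 200 <= r["status"] < 300 or not JSP_TARGET.search(r["path"]):
            continue
        created = r["path"].rstrip("/")  # assumption: the trailing '/' is not part of the stored name
        if any(s["method"] != "PUT" and s["path"] == created and 200 <= s["status"] < 300
               for s in records[i + 1:]):
            confirmed.append((r["host"], created))
    return confirmed
```

Refused attempts (the 403 line) are still worth alerting on, since they show the technique being tried against a host whose Default servlet is correctly read-only.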

Added: May 14, 2026, 6:04 AM
Updated: May 14, 2026, 6:04 AM

Vulnerability Rating

Custom Algorithm
spread: 8.8
impact: 7.5
exploitability: 9.6
remediation: 8.3
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.