Hi, This we require in windows systems. We will be looking at Windows 10. Springboot application in Microsoft Azure based.
Many thanks, Gulam Thakur Software Developer, Synapse Dev Squad BP Sunbury, Bldg H, 1st floor TW16 7LN Mobile: +44 (0) 7443 243808 E-mail: gulam.tha...@bp.com gulam.thakur-cic...@ibm.com BP International Limited. Registered office: Chertsey Road, Sunbury on Thames, Middlesex, TW16 7BP. Registered in England and Wales, number 542515. E-mail disclaimer: The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee(s) only. Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or an action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Within the bounds of law, electronic transmissions through internal and external networks may be monitored to ensure compliance with internal policies and legitimate business purposes. -----Original Message----- From: André Warnier (tomcat) [mailto:a...@ice-sa.com] Sent: 19 September 2017 14:00 To: Tomcat Users List <users@tomcat.apache.org> Subject: Fwd: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload Hello. Did the issue below also affect the DAV application ? And if yes, also only under Windows ? -------- Forwarded Message -------- Subject: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload Date: Tue, 19 Sep 2017 11:58:44 +0100 From: Mark Thomas <ma...@apache.org> Reply-To: Tomcat Users List <users@tomcat.apache.org> To: Tomcat Users List <users@tomcat.apache.org> CC: annou...@tomcat.apache.org <annou...@tomcat.apache.org>, annou...@apache.org, Tomcat Developers List <d...@tomcat.apache.org> CVE-2017-7674 Apache Tomcat Remote Code Execution via JSP Upload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 7.0.0 to 7.0.79 Description: When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 7.0.81 or later (7.0.80 was not released) Credit: This issue was reported responsibly to the Apache Tomcat Security Team by iswin from 360-sg-lab (360观星实验室) History: 2017-09-19 Original advisory References: [1] http://tomcat.apache.org/security-7.html --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org