Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/09/20 12:37:35 UTC

[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

Remy Maucherat <re...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|none                        |Apache Tomcat Remote Code
                   |                            |Execution via JSP Upload
                   |                            |bypass

--- Comment #2 from Remy Maucherat <re...@apache.org> ---
Hum, actually this looks like a File API issue. With the (correct) /1.jsp/ path
input, (new File(name)).getPath() just strips the trailing '/', and of course
getAbsolutePath, which is used for the safety net check, also does it. There's
a problem there.

Restoring the BZ name since it's pointless.

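The normalization described in comment #2, shown as an added Java example (not Tomcat's code and not its fix): `java.io.File` drops the trailing '/' before any path check runs, so the check has to compare the requested name with what `File` kept. The class and method names, the `docbase` directory, the sample names and the use of `getCanonicalPath` for the containment test are assumptions made for this illustration.

```java
import java.io.File;
import java.io.IOException;

// Added illustration; all names here are hypothetical, not Tomcat's.
public class TrailingSlashCheck {

    // True only if File kept the requested name unchanged, i.e. the path
    // that later checks will see is the path that was actually asked for.
    static boolean nameSurvivesNormalization(String name) {
        String kept = new File(name).getPath();
        // File uses the platform separator; compare in '/' form.
        return kept.replace(File.separatorChar, '/').equals(name);
    }

    // Safety-net style check: reject names that File silently rewrote,
    // then require the resolved file to stay under the base directory.
    static boolean isSafe(File base, String name) throws IOException {
        if (!nameSurvivesNormalization(name)) {
            return false; // e.g. "/1.jsp/" would be checked as "/1.jsp"
        }
        String basePath = base.getCanonicalPath();
        String target = new File(base, name).getCanonicalPath();
        return target.equals(basePath)
                || target.startsWith(basePath + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample names; the base directory need not exist.
        String[] samples = { "/1.jsp", "/1.jsp/", "/dir/1.jsp//", "/../x.jsp" };
        File base = new File(System.getProperty("java.io.tmpdir"), "docbase");
        for (String name : samples) {
            File f = new File(base, name);
            System.out.println("requested    : " + name);
            System.out.println("getPath      : " + new File(name).getPath());
            System.out.println("absolute path: " + f.getAbsolutePath());
            System.out.println("accepted     : " + isSafe(base, name));
            System.out.println();
        }
    }
}
```

Only the first sample is accepted: the two trailing-slash names are rejected because `getPath()` and `getAbsolutePath()` no longer match what was requested, and the last one fails the containment test.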