Skip to main content

Apache Tomcat Arbitrary JSP Code Upload Vulnerability

Last Update Date: 17 Sep 2014 Release Date: 11 Sep 2014 2298 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in Apache Tomcat. A remote user can execute arbitrary code on the target system in certain cases.


A remote user can upload arbitrary JSP code and then cause the code to be executed in certain limited cases.


  • Remote Code Execution

System / Technologies affected

  • Versions 7.0.0 to 7.0.39


Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (7.0.40)

Vulnerability Identifier


Related Link