Arbitrary Code Execution via Unrestricted File Upload in Apache Tomcat 7.x

Arbitrary Code Execution via Unrestricted File Upload in Apache Tomcat 7.x

CVE-2013-4444 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Learn more about our Cis Benchmark Audit For Apache Http Server.