When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. by setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested, and any code it contained would be executed by the server.

Vulnerable Product |
---|
apache tomcat |
netapp oncommand balance - |
netapp oncommand shift - |
netapp 7-mode transition tool - |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux for scientific computing 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux desktop 6.0 |
redhat jboss enterprise web server 2.0.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux workstation 6.0 |
redhat enterprise linux server aus 7.4 |
redhat jboss enterprise web server 3.0.0 |
redhat enterprise linux server tus 7.4 |
redhat enterprise linux eus 7.4 |
redhat enterprise linux eus 7.5 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux eus 7.6 |
redhat enterprise linux server aus 7.7 |
redhat enterprise linux server tus 7.7 |
redhat enterprise linux eus 7.7 |
redhat enterprise linux server update services for sap solutions 7.7 |
redhat enterprise linux server update services for sap solutions 7.6 |
redhat enterprise linux for power big endian eus 7.4 ppc64 |
redhat enterprise linux for power big endian eus 7.5 ppc64 |
redhat enterprise linux for power big endian eus 7.6 ppc64 |
redhat enterprise linux for power big endian eus 7.7 ppc64 |
redhat enterprise linux server for power little endian update services for sap solutions 9.2 ppc64le |
redhat enterprise linux for power little endian 7.0 ppc64le |
redhat enterprise linux for power big endian 7.0 ppc64 |
redhat enterprise linux for ibm z systems 7.0 s390x |
redhat enterprise linux server for power little endian update services for sap solutions 7.7 ppc64le |
redhat enterprise linux server for power little endian update services for sap solutions 7.6 ppc64le |
redhat enterprise linux server for power little endian update services for sap solutions 7.4 ppc64le |
redhat enterprise linux server update services for sap solutions 7.4 |
redhat enterprise linux eus compute node 7.7 |
redhat enterprise linux eus compute node 7.6 |
redhat enterprise linux eus compute node 7.5 |
redhat enterprise linux eus compute node 7.4 |
redhat enterprise linux for power little endian eus 7.7 ppc64le |
redhat enterprise linux for power little endian eus 7.6 ppc64le |
redhat enterprise linux for power little endian eus 7.5 ppc64le |
redhat enterprise linux for power little endian eus 7.4 ppc64le |
redhat enterprise linux for ibm z systems eus 7.7 s390x |
redhat enterprise linux for ibm z systems eus 7.6 s390x |
redhat enterprise linux for ibm z systems eus 7.5 s390x |
redhat enterprise linux for ibm z systems eus 7.4 s390x |
redhat jboss enterprise web server text-only advisories - |


Beapy: Cryptojacking Worm Hits Enterprises in China

Posted: 24 Apr, 2019. 6 Min Read. Threat Intelligence.

Cryptojacking campaign we have dubbed Beapy is exploiting the EternalBlue exploit and primarily impacting enterprises in China.

Beapy is a cryptojacking campaign impacting enterprises that uses the EternalBlue exploit and stolen and hardcoded credentials to spread rapidly across networks. Beapy act...