Arbitrary File Upload Affecting org.apache.tomcat:tomcat-coyote Open this link in a new tab package, versions [9.0.0,9.0.31) [8.0.0, 8.5.51) [,7.0.100)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
24 Feb 2020
20 Feb 2020
How to fix?
org.apache.tomcat:tomcat-coyote to version 9.0.31, 8.5.51, 7.0.100 or higher.
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser.
Affected versions of this package are vulnerable to Arbitrary File Upload. This is enabled by default with a default configuration port of
A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).