A vulnerability exists in Apache Tomcat that, when exploited, could allow attackers to execute arbitrary code on the targeted host.
Apache Tomcat 7.0.0 to 7.0.81
Apache Tomcat 8.0.0.RC1 to 8.0.46, 8.5.0 to 8.5.22
Apache Tomcat 9.0.0.M1 to 9.0.0.M21
Exploitation could allow attackers to execute arbitrary code on the targeted host. An attacker can successfully exploit this vulnerability by submitting a specially crafted request for the host to process.
NIRT rates this vulnerability as Severity Level #3 for internal servers and will continue to monitor the situation providing updates where appropriate.
Apply the following patches where appropriate:
Security Update Information
NIRT recommends a careful review of all vendor notes related to this vulnerability. Customers should proceed with appropriate testing and planning to meet the required due date.