Apache · Apache Tomcat · CVE-2017-12615
**Name of the Vulnerable Software and Affected Versions**
Apache Tomcat versions 7.0.0 through 7.0.79
**Description**
The issue allows an attacker to upload a JSP file to the server via a specially crafted request when HTTP PUTs are enabled, for example, by setting the `readonly` initialisation parameter of the Default servlet to `false`. This JSP file can then be requested, and any code it contains is executed by the server.
**Recommendations**
For Apache Tomcat versions 7.0.0 through 7.0.79, update to version 7.0.81 to obtain a version that includes the fix for this issue. As a temporary workaround, consider disabling HTTP PUTs by setting the `readonly` initialisation parameter of the Default servlet to `true` until a patch is applied. Restrict access to the server to minimize the risk of exploitation.