Apache Tomcat on Windows Remote Code Execution Vulnerability
NVDKnown Exploited Vulnerability
CVE-2017-12615, Apache Tomcat on Windows Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.