RC1 to 8.0.46
Apache Tomcat 7.0.0 to 7.0.81

Description: When running with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request.
Other important documents: Tomcat is the official reference implementation of the Java Servlet 2.2 and JavaServer Pages 1.1 technologies. Because they're memory-resident, they can quickly respond to requests, as they do not incur the overhead of process creation and subsequent cleanup, unlike CGI-based scripting, e.g. From Sun's servlet site: Servlet API provides web developers with a simple, consistent mechanism for extending the functionality of a web server and for accessing existing business systems.
Developed under the Apache license in an open and participatory environment, it is intended to be a collaboration of the best-of-breed developers from around the world. "A servlet can almost be thought of as an applet that runs on the server side -- without a face." JSP is comparable to other technologies such as PHP and ASP, which combine programming/scripting with a markup language like HTML.
Updating Tomcat to a version where the vulnerability is fixed is recommended in all cases.

As well, it answers many questions common to new users. If you have any comments or suggestions about this document, don't hesitate to send them to the Tomcat mailing lists. Where such an add-on module affects Tomcat's behavior with respect to the Servlet 2.2/JSP 1.1 specifications, Tomcat's status as a reference implementation is invalidated. In addition, it can operate as an out-of-process servlet container for other web servers, such as Apache. For some web servers, such as IIS, it can operate as an in-process servlet container.