Apache Tomcat vulnerability could allow an unauthorised attacker to execute malicious code on affected servers remotely. Remote code execution (RCE) vulnerability (CVE-2017-12617) is due to insufficient validation of user-supplied input by the affected software. Only systems with HTTP PUTs enabled (via setting the “read-only” initialization parameter of the Default Servlet to “false”) are affected. The vulnerability has been addressed with the release of versions 9.0.1 (Beta), 8.5.23, 8.0.
Source: https://thehackernews.com/2017/10/apache-tomcat-rce.html