tomcat漏洞，过滤PUT请求

src/com/ejweb/core/filter/BasicVerifyFilter.java

 package com.ejweb.core.filter;
 
-import java.io.IOException;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang3.StringUtils;
-
 import com.alibaba.fastjson.JSON;
 import com.ejweb.core.base.BaseBean;
 import com.ejweb.core.conf.GConstants;
 import com.ejweb.core.security.GlobalUtil;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang3.StringUtils;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
 
 /**
  * 对请求接口进行基本信息验证类 excludedPages * .* .+ 三种均为不验证数据
@@ -42,6 +35,12 @@ public class BasicVerifyFilter implements Filter {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
             throws IOException, ServletException {
 
+        // 由于tomcat漏洞，在不升级的情况下，过滤PUT请求，直接返回
+        if ("PUT".equals(((HttpServletRequest)request).getMethod())) {
+            request.getRequestDispatcher("/WEB-INF/views/errors/401.jsp").forward(request, response);// 跳转到验证错误页面
+            return;
+        }
+
         long maxFileSize = Long.valueOf(GConstants.getValue("file.max.upload.size"));
         // HttpServletRequest reqs = (HttpServletRequest)request;
         long fileSize = ((HttpServletRequest) request).getContentLength();