Vulnerability Monitor


CVE-2017-12615

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Published

2017-09-19T13:29:00.190

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-434
  • Type: Secondary
    CWE-434

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | apache | tomcat | ≤ 7.0.79 | Yes |
| Operating System | microsoft | windows | - | No |
| Application | netapp | 7-mode_transition_tool | - | Yes |
| Application | netapp | oncommand_balance | - | Yes |
| Application | netapp | oncommand_shift | - | Yes |
| Application | redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.4 | Yes |
| Application | redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.6 | Yes |
| Application | redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.7 | Yes |
| Application | redhat | jboss_enterprise_web_server | 2.0.0 | Yes |
| Application | redhat | jboss_enterprise_web_server | 3.0.0 | Yes |
| Application | redhat | jboss_enterprise_web_server_text-only_advisories | - | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.5 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_eus_compute_node | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_eus_compute_node | 7.5 | Yes |
| Operating System | redhat | enterprise_linux_eus_compute_node | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_eus_compute_node | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems_eus | 7.4_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems_eus | 7.5_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems_eus | 7.6_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems_eus | 7.7_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 | Yes |
| Operating System | redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 | Yes |
| Operating System | redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 | Yes |
| Operating System | redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 | Yes |
| Operating System | redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian_eus | 7.4_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian_eus | 7.5_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian_eus | 7.6_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian_eus | 7.7_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_for_scientific_computing | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.4_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.6_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.7_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |

References