CVE-2017-12615

Warning

Exploit

EPSS 94.36%
Published 19.09.2017 13:29:00
Last modified 20.04.2025 01:37:25
Source security@apache.org
Teams watchlist Login
Open Login

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Affected products Warnungen 1 Metrics 4 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 7.0.0 <= 7.0.79

Microsoft ≫ Windows Version-

Netapp ≫ 7-mode Transition Tool Version-

Netapp ≫ Oncommand Balance Version-

Netapp ≫ Oncommand Shift Version-

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.6

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.7

Redhat ≫ Jboss Enterprise Web Server Version2.0.0

Redhat ≫ Jboss Enterprise Web Server Version3.0.0

Redhat ≫ Jboss Enterprise Web Server Text-only Advisories Version-

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version7.4

Redhat ≫ Enterprise Linux Eus Version7.5

Redhat ≫ Enterprise Linux Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Eus Compute Node Version7.4

Redhat ≫ Enterprise Linux Eus Compute Node Version7.5

Redhat ≫ Enterprise Linux Eus Compute Node Version7.6

Redhat ≫ Enterprise Linux Eus Compute Node Version7.7

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version7.4_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version7.5_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version7.6_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version7.7_s390x

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.4_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.5_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.6_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.7_ppc64

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version7.4_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version7.5_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version7.6_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version7.7_ppc64le

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version7.4_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version7.6_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version7.7_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.2_ppc64le

Redhat ≫ Enterprise Linux Server Tus Version7.4

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache Tomcat on Windows Remote Code Execution Vulnerability

Vulnerability

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.36%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H