8.1

CVE-2017-12617

Warning
Exploit

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Data is provided by the National Vulnerability Database (NVD)
ApacheTomcat Version >= 7.0.0 < 7.0.82
ApacheTomcat Version >= 8.0 < 8.0.47
ApacheTomcat Version >= 8.5.0 < 8.5.23
ApacheTomcat Version >= 9.0.0 < 9.0.1
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version17.10
CanonicalUbuntu Linux Version18.04 SwEditionesm
OracleAgile Plm Version9.3.3
OracleAgile Plm Version9.3.4
OracleAgile Plm Version9.3.5
OracleAgile Plm Version9.3.6
OracleFmw Platform Version12.2.1.2.0
OracleFmw Platform Version12.2.1.3.0
OracleHospitality Guest Access Version4.2.0
OracleHospitality Guest Access Version4.2.1
OracleManagement Pack Version11.2.1.0.13 SwPlatformgoldengate
OracleMicros Lucas Version2.9.5
OracleMysql Enterprise Monitor Version <= 3.3.6.3293
OracleMysql Enterprise Monitor Version >= 3.4.0 <= 3.4.4.4226
OracleMysql Enterprise Monitor Version >= 4.0.0 <= 4.0.0.5135
OracleRetail Back Office Version14.0.4
OracleRetail Back Office Version14.1.3
OracleRetail Central Office Version14.0.4
OracleRetail Central Office Version14.1.3
OracleRetail Eftlink Version1.1.124
OracleRetail Eftlink Version15.0.1
OracleRetail Eftlink Version16.0.2
OracleRetail Insights Version14.0
OracleRetail Insights Version14.1
OracleRetail Insights Version15.0
OracleRetail Insights Version16.0
OracleRetail Order Broker Version5.0
OracleRetail Order Broker Version5.1
OracleRetail Order Broker Version5.2
OracleRetail Order Broker Version15.0
OracleRetail Order Broker Version16.0
OracleRetail Point-of-service Version14.0.4
OracleRetail Point-of-service Version14.1.3
OracleRetail Returns Management Version14.0.4
OracleRetail Returns Management Version14.1.3
OracleWebcenter Sites Version11.1.1.8.0
OracleWorkload Manager Version12.2.0.1
DebianDebian Linux Version7.0
NetappActive Iq Unified Manager SwPlatformwindows Version >= 7.3
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappOncommand Balance Version-
NetappOncommand Insight Version-
NetappOncommand Shift Version-
NetappSnapcenter Version-
NetappElement Version- SwPlatformvcenter_server
RedhatFuse Version1.0
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache Tomcat Remote Code Execution Vulnerability

Vulnerability

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 94.37% 1
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://usn.ubuntu.com/3665-1/
Third Party Advisory
http://www.securityfocus.com/bid/100954
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039552
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42966/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/43008/
Third Party Advisory
Exploit
VDB Entry