CVE-2017-12615 Information
Description
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html http://www.securityfocus.com/bid/100901 http://www.securitytracker.com/id/1039392 https://access.redhat.com/errata/RHSA-2017:3080 https://access.redhat.com/errata/RHSA-2017:3081 https://access.redhat.com/errata/RHSA-2017:3113 https://access.redhat.com/errata/RHSA-2017:3114 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://github.com/breaktoprotect/CVE-2017-12615 https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@3Cannounce.tomcat.apache.org3E https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@3Cannounce.apache.org3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@3Cdev.tomcat.apache.org3E https://security.netapp.com/advisory/ntap-20171018-0001/ https://www.exploit-db.com/exploits/42953/ https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.1
Share on: