CVE-2017-12615

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS v3.0 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E	Issue Tracking Mailing List Vendor Advisory
http://www.securitytracker.com/id/1039392	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/100901	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42953/
https://security.netapp.com/advisory/ntap-20171018-0001/
https://github.com/breaktoprotect/CVE-2017-12615
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
https://access.redhat.com/errata/RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3081
https://access.redhat.com/errata/RHSA-2017:3080
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
https://access.redhat.com/errata/RHSA-2018:0466
https://access.redhat.com/errata/RHSA-2018:0465
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
	cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.6:::::::*
	cpe:2.3:a:apache:tomcat:7.0.14:::::::*
	cpe:2.3:a:apache:tomcat:7.0.15:::::::*
	cpe:2.3:a:apache:tomcat:7.0.22:::::::*
	cpe:2.3:a:apache:tomcat:7.0.23:::::::*
	cpe:2.3:a:apache:tomcat:7.0.30:::::::*
	cpe:2.3:a:apache:tomcat:7.0.31:::::::*
	cpe:2.3:a:apache:tomcat:7.0.39:::::::*
	cpe:2.3:a:apache:tomcat:7.0.40:::::::*
	cpe:2.3:a:apache:tomcat:7.0.47:::::::*
	cpe:2.3:a:apache:tomcat:7.0.48:::::::*
	cpe:2.3:a:apache:tomcat:7.0.57:::::::*
	cpe:2.3:a:apache:tomcat:7.0.58:::::::*
	cpe:2.3:a:apache:tomcat:7.0.59:::::::*
	cpe:2.3:a:apache:tomcat:7.0.66:::::::*
	cpe:2.3:a:apache:tomcat:7.0.67:::::::*
	cpe:2.3:a:apache:tomcat:7.0.74:::::::*
	cpe:2.3:a:apache:tomcat:7.0.75:::::::*
	cpe:2.3:a:apache:tomcat:7.0:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.5:::::::*
	cpe:2.3:a:apache:tomcat:7.0.12:::::::*
	cpe:2.3:a:apache:tomcat:7.0.13:::::::*
	cpe:2.3:a:apache:tomcat:7.0.20:::::::*
	cpe:2.3:a:apache:tomcat:7.0.21:::::::*
	cpe:2.3:a:apache:tomcat:7.0.28:::::::*
	cpe:2.3:a:apache:tomcat:7.0.29:::::::*
	cpe:2.3:a:apache:tomcat:7.0.37:::::::*
	cpe:2.3:a:apache:tomcat:7.0.38:::::::*
	cpe:2.3:a:apache:tomcat:7.0.45:::::::*
	cpe:2.3:a:apache:tomcat:7.0.46:::::::*
	cpe:2.3:a:apache:tomcat:7.0.55:::::::*
	cpe:2.3:a:apache:tomcat:7.0.56:::::::*
	cpe:2.3:a:apache:tomcat:7.0.64:::::::*
	cpe:2.3:a:apache:tomcat:7.0.65:::::::*
	cpe:2.3:a:apache:tomcat:7.0.72:::::::*
	cpe:2.3:a:apache:tomcat:7.0.73:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.7:::::::*
	cpe:2.3:a:apache:tomcat:7.0.8:::::::*
	cpe:2.3:a:apache:tomcat:7.0.16:::::::*
	cpe:2.3:a:apache:tomcat:7.0.17:::::::*
	cpe:2.3:a:apache:tomcat:7.0.24:::::::*
	cpe:2.3:a:apache:tomcat:7.0.25:::::::*
	cpe:2.3:a:apache:tomcat:7.0.32:::::::*
	cpe:2.3:a:apache:tomcat:7.0.33:::::::*
	cpe:2.3:a:apache:tomcat:7.0.34:::::::*
	cpe:2.3:a:apache:tomcat:7.0.41:::::::*
	cpe:2.3:a:apache:tomcat:7.0.42:::::::*
	cpe:2.3:a:apache:tomcat:7.0.49:::::::*
	cpe:2.3:a:apache:tomcat:7.0.50:::::::*
	cpe:2.3:a:apache:tomcat:7.0.60:::::::*
	cpe:2.3:a:apache:tomcat:7.0.61:::::::*
	cpe:2.3:a:apache:tomcat:7.0.68:::::::*
	cpe:2.3:a:apache:tomcat:7.0.69:::::::*
	cpe:2.3:a:apache:tomcat:7.0.76:::::::*
	cpe:2.3:a:apache:tomcat:7.0.77:::::::*
	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.51:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:7.0.70:::::::*
cpe:2.3:a:apache:tomcat:7.0.71:::::::*
cpe:2.3:a:apache:tomcat:7.0.79:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Information

Published : 2017-09-19 13:29

Updated : 2019-04-15 16:30

NVD link : CVE-2017-12615

Mitre link : CVE-2017-12615

JSON object : View

Products Affected

microsoft

windows

apache

tomcat

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

8.1 /10