CVE-2017-12615

MEDIUM

Details

Source: MITRE

Published: 2017-09-19

Updated: 2019-04-15

Type: CWE-434

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
127359NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)NessusNewStart CGSL Local Security Checks
medium
700674Apache Tomcat 7.0.x < 7.0.81 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
119270FreeBSD : payara -- Code execution via crafted PUT requests to JSPs (22bc5327-f33f-11e8-be46-0019dbb15b3f)NessusFreeBSD Local Security Checks
medium
119237Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)NessusVirtuozzo Local Security Checks
medium
112310Apache Tomcat 7.0.x < 7.0.81 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
medium
107208RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)NessusRed Hat Local Security Checks
medium
105995Fedora 27 : 1:tomcat (2017-ebb76fc3c9)NessusFedora Local Security Checks
medium
104506Fedora 25 : 1:tomcat (2017-f499ee7b12)NessusFedora Local Security Checks
medium
104505Fedora 26 : 1:tomcat (2017-ef7c118dbc)NessusFedora Local Security Checks
medium
104456RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)NessusRed Hat Local Security Checks
medium
104358Apache Tomcat 6.0.x < 6.0.24 Multiple VulnerabilitiesNessusWeb Servers
medium
104287EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)NessusHuawei Local Security Checks
medium
104286EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)NessusHuawei Local Security Checks
medium
104269Scientific Linux Security Update : tomcat on SL7.x (noarch) (20171030)NessusScientific Linux Local Security Checks
medium
104268Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20171030)NessusScientific Linux Local Security Checks
medium
104257CentOS 7 : tomcat (CESA-2017:3081)NessusCentOS Local Security Checks
medium
104256CentOS 6 : tomcat6 (CESA-2017:3080)NessusCentOS Local Security Checks
medium
104251RHEL 7 : tomcat (RHSA-2017:3081)NessusRed Hat Local Security Checks
medium
104250RHEL 6 : tomcat6 (RHSA-2017:3080)NessusRed Hat Local Security Checks
medium
104248Oracle Linux 7 : tomcat (ELSA-2017-3081)NessusOracle Linux Local Security Checks
medium
104247Oracle Linux 6 : tomcat6 (ELSA-2017-3080)NessusOracle Linux Local Security Checks
medium
103329Apache Tomcat 7.0.x < 7.0.81 Multiple VulnerabilitiesNessusWeb Servers
medium