CVE-2017-12615

MEDIUM

Description

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

References

http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html

http://www.securityfocus.com/bid/100901

http://www.securitytracker.com/id/1039392

https://access.redhat.com/errata/RHSA-2017:3080

https://access.redhat.com/errata/RHSA-2017:3081

https://access.redhat.com/errata/RHSA-2017:3113

https://access.redhat.com/errata/RHSA-2017:3114

https://access.redhat.com/errata/RHSA-2018:0465

https://access.redhat.com/errata/RHSA-2018:0466

https://github.com/breaktoprotect/CVE-2017-12615

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://security.netapp.com/advisory/ntap-20171018-0001/

https://www.exploit-db.com/exploits/42953/

https://www.synology.com/support/security/Synology_SA_17_54_Tomcat

Details

Source: MITRE

Published: 2017-09-19

Updated: 2019-04-15

Type: CWE-434

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
700674	Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
119270	FreeBSD : payara -- Code execution via crafted PUT requests to JSPs (22bc5327-f33f-11e8-be46-0019dbb15b3f)	Nessus	FreeBSD Local Security Checks	medium
119237	Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)	Nessus	Virtuozzo Local Security Checks	medium
112310	Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
107208	RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)	Nessus	Red Hat Local Security Checks	medium
105995	Fedora 27 : 1:tomcat (2017-ebb76fc3c9)	Nessus	Fedora Local Security Checks	medium
104506	Fedora 25 : 1:tomcat (2017-f499ee7b12)	Nessus	Fedora Local Security Checks	medium
104505	Fedora 26 : 1:tomcat (2017-ef7c118dbc)	Nessus	Fedora Local Security Checks	medium
104456	RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)	Nessus	Red Hat Local Security Checks	medium
104358	Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities	Nessus	Web Servers	high
104287	EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)	Nessus	Huawei Local Security Checks	medium
104286	EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)	Nessus	Huawei Local Security Checks	medium
104269	Scientific Linux Security Update : tomcat on SL7.x (noarch)	Nessus	Scientific Linux Local Security Checks	medium
104268	Scientific Linux Security Update : tomcat6 on SL6.x (noarch)	Nessus	Scientific Linux Local Security Checks	medium
104257	CentOS 7 : tomcat (CESA-2017:3081)	Nessus	CentOS Local Security Checks	medium
104256	CentOS 6 : tomcat6 (CESA-2017:3080)	Nessus	CentOS Local Security Checks	medium
104251	RHEL 7 : tomcat (RHSA-2017:3081)	Nessus	Red Hat Local Security Checks	medium
104250	RHEL 6 : tomcat6 (RHSA-2017:3080)	Nessus	Red Hat Local Security Checks	medium
104248	Oracle Linux 7 : tomcat (ELSA-2017-3081)	Nessus	Oracle Linux Local Security Checks	medium
104247	Oracle Linux 6 : tomcat6 (ELSA-2017-3080)	Nessus	Oracle Linux Local Security Checks	medium
103329	Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities	Nessus	Web Servers	high