CVE-2017-12617

high

Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/100954

http://www.securitytracker.com/id/1039552

https://access.redhat.com/errata/RHSA-2017:3080

https://access.redhat.com/errata/RHSA-2017:3081

https://access.redhat.com/errata/RHSA-2017:3113

https://access.redhat.com/errata/RHSA-2017:3114

https://access.redhat.com/errata/RHSA-2018:0268

https://access.redhat.com/errata/RHSA-2018:0269

https://access.redhat.com/errata/RHSA-2018:0270

https://access.redhat.com/errata/RHSA-2018:0271

https://access.redhat.com/errata/RHSA-2018:0275

https://access.redhat.com/errata/RHSA-2018:0465

https://access.redhat.com/errata/RHSA-2018:0466

https://access.redhat.com/errata/RHSA-2018:2939

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html

https://security.netapp.com/advisory/ntap-20171018-0002/

https://security.netapp.com/advisory/ntap-20180117-0002/

https://support.f5.com/csp/article/K53173544

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

https://usn.ubuntu.com/3665-1/

https://www.exploit-db.com/exploits/42966/

https://www.exploit-db.com/exploits/43008/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Details

Source: MITRE

Published: 2017-10-04

Updated: 2019-04-23

Type: CWE-434

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH