Apache Tomcat HTTP PUT JSP File Upload RCE

high Nessus Plugin ID 105006
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

An HTTP server running on the remote host is affected by a remote arbitrary file upload and execution vulnerability.

Description

The HTTP server running on the remote host is affected by a flaw that allows a remote unauthenticated attacker to upload a JSP file and execute it.

Solution

Upgrade to Apache Tomcat versions 7.0.82, 8.0.47, 8.5.23, 9.0.1 or later.

See Also

http://www.nessus.org/u?4f047e41

Plugin Details

Severity: High

ID: 105006

File Name: tomcat_put_jsp.nasl

Version: 1.7

Type: remote

Family: Web Servers

Published: 12/4/2017

Updated: 4/7/2021

Dependencies: http_methods.nasl

Risk Information

CVSS Score Source: CVE-2017-12617

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Required KB Items: www/put_upload, www/delete_upload

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/3/2017

Vulnerability Publication Date: 10/3/2017

Exploitable With

Core Impact

Metasploit (Tomcat RCE via JSP Upload Bypass)

Elliot (Apache Tomcat for Windows HTTP PUT Method File Upload)

Reference Information

CVE: CVE-2017-12617

BID: 100954