CVE-2017-12615

Basic Information

CVE State: PUBLISHED
Reserved Date: August 07, 2017
Published Date: September 19, 2017
Last Updated: February 06, 2025
Vendor: Apache Software Foundation
Product: Apache Tomcat
Description: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS Scores

CVSS v3.1

8.1 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-25 00:00:00 UTC)
Proof of Concept Available: Yes (added 2024-11-19 11:47:11 UTC)
Used in Malware: Yes (added 2022-03-25 00:00:00 UTC)

Known Exploited Vulnerability Information

Source: CISA • Added Date: 2022-03-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

wudidwo/CVE-2017-12615-poc

Type: github • Created: 2024-11-19 11:47:11 UTC • Stars: 0

w0x68y/CVE-2017-12615-EXP

Type: github • Created: 2021-01-12 09:07:12 UTC • Stars: 1

CVE-2017-12615 arbitrary file write exploit, writes a webshell

cyberharsh/Tomcat-CVE-2017-12615

Type: github • Created: 2020-06-24 21:14:41 UTC • Stars: 0

ianxtianxt/CVE-2017-12615

Type: github • Created: 2020-01-20 14:56:05 UTC • Stars: 1

CVE-2017-12615 batch script

1337g/CVE-2017-12615

Type: github • Created: 2017-12-26 03:48:14 UTC • Stars: 3

CVE-2017-12615 Tomcat RCE (TESTED)

BeyondCy/CVE-2017-12615

Type: github • Created: 2017-11-28 02:51:16 UTC • Stars: 1

Tomcat remote code execution vulnerability exploit

zi0Black/POC-CVE-2017-12615-or-CVE-2017-12717

Type: github • Created: 2017-10-06 22:04:23 UTC • Stars: 5

CVE-2017-12617 and CVE-2017-12615 for tomcat server

breaktoprotect/CVE-2017-12615

Type: github • Created: 2017-09-23 06:15:48 UTC • Stars: 111

POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.