Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2017-12615
PUBLISHED
- Vendor: Apache Software Foundation
- Product: Apache Tomcat
- Published: Sep 19, 2017
- EPSS: not available
Description
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. The readonly parameter defaults to true, so only deployments that have explicitly set it to false (in conf/web.xml or an application's WEB-INF/web.xml) are exposed. The fix shipped in Apache Tomcat 7.0.81; it was later found to be incomplete, and the follow-up, which affects all platforms, is tracked as CVE-2017-12617.
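As an added example (not part of this advisory record and not Tomcat's own tooling), the Python script below performs the two checks a practitioner would want after reading the description: it audits a web.xml for a DefaultServlet declaration whose readonly init-param has been set to false, and it scans Tomcat access-log lines for HTTP PUT requests that write a JSP. It assumes that the parameter defaults to true when absent and that Tomcat parses it with Java's Boolean.parseBoolean (only a case-insensitive "true" keeps the servlet read-only). The web.xml fragments and log lines are constructed sample input, not taken from any real deployment.

```python
"""Checks for CVE-2017-12615 exposure: a writable Tomcat DefaultServlet
and access-log evidence of JSP files being written via HTTP PUT."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"

# Tomcat access log in the common '%h %l %u %t "%r" %s %b' pattern.
ACCESS_LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_readonly(web_xml_text):
    """Effective 'readonly' setting of the DefaultServlet declared in web.xml.

    Returns True (safe) when the parameter is absent, because Tomcat defaults
    it to true; False when PUT/DELETE have been enabled; None when the
    document declares no DefaultServlet at all.
    """
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet
                    if _local(c.tag) == "servlet-class"), "").strip()
        if cls != DEFAULT_SERVLET_CLASS:
            continue
        readonly = True  # assumption: Tomcat's default when the init-param is absent
        for init_param in servlet:
            if _local(init_param.tag) != "init-param":
                continue
            params = {_local(c.tag): (c.text or "").strip() for c in init_param}
            if params.get("param-name") == "readonly":
                # Assumption: Tomcat parses the value with Boolean.parseBoolean,
                # so only a case-insensitive "true" keeps the servlet read-only.
                readonly = params.get("param-value", "").lower() == "true"
        return readonly
    return None


def suspicious_jsp_puts(log_lines):
    """(path, status) for each PUT whose decoded path contains a JSP name.

    The match is deliberately loose ('.jsp' anywhere in the path rather than
    only as the suffix) so that crafted names with characters appended after
    the extension are still reported. The response status lets a responder
    separate successful writes (201/204) from refused ones (403/405).
    """
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.search(line)
        if not m or m.group("method") != "PUT":
            continue
        path = unquote(m.group("target").split("?", 1)[0])
        if ".jsp" in path.lower():
            hits.append((path, int(m.group("status"))))
    return hits


# Constructed sample inputs (not from any real deployment).
VULNERABLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# Same declaration with the readonly parameter removed: the default (true)
# applies and PUT is refused.
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "    <init-param>\n      <param-name>readonly</param-name>\n"
    "      <param-value>false</param-value>\n    </init-param>\n", "")

SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [19/Sep/2017:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 1234',
    '10.0.0.9 - - [19/Sep/2017:10:03:15 +0000] "PUT /notes.txt HTTP/1.1" 201 -',
    '10.0.0.9 - - [19/Sep/2017:10:03:16 +0000] "PUT /cmd.jsp/ HTTP/1.1" 201 -',
    '10.0.0.9 - - [19/Sep/2017:10:03:17 +0000] "GET /cmd.jsp?c=id HTTP/1.1" 200 87',
    '10.0.0.7 - - [19/Sep/2017:11:20:00 +0000] "PUT /probe.jsp%20 HTTP/1.1" 403 -',
]

if __name__ == "__main__":
    print("readonly (vulnerable web.xml):", default_servlet_readonly(VULNERABLE_WEB_XML))
    print("readonly (hardened web.xml): ", default_servlet_readonly(HARDENED_WEB_XML))
    for path, status in suspicious_jsp_puts(SAMPLE_ACCESS_LOG):
        print(f"PUT of JSP: {path!r} -> HTTP {status}")
```

Run it against a real conf/web.xml by reading the file into default_servlet_readonly, and against an access log by passing its lines to suspicious_jsp_puts; a successful write (201) followed shortly by a GET of the same JSP name from the same client is the pattern to triage first.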
CVSS scores
- CVSS v3.1: 8.1 (High), vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVSS v2: 6.8 (Medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
SSVC decision points
- Exploitation: active
- Automatable: no
- Technical impact: total
References
- https://access.redhat.com/errata/RHSA-2017:3113
- https://access.redhat.com/errata/RHSA-2017:3080
- http://www.securitytracker.com/id/1039392
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E
- https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
- https://access.redhat.com/errata/RHSA-2018:0465
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
- https://access.redhat.com/errata/RHSA-2017:3114
- http://www.securityfocus.com/bid/100901
- https://access.redhat.com/errata/RHSA-2018:0466
- https://www.exploit-db.com/exploits/42953/
- https://security.netapp.com/advisory/ntap-20171018-0001/
- https://github.com/breaktoprotect/CVE-2017-12615
- https://access.redhat.com/errata/RHSA-2017:3081
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Mar 25, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-12615.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
| Source | Created (UTC) | Stars | Description |
|---|---|---|---|
| github | 2024-11-19 11:47:11 | 0 | |
| github | 2021-01-12 09:07:12 | 1 | CVE-2017-12615 arbitrary file write exploit, writes a webshell |
| github | 2020-06-24 21:14:41 | 0 | |
| github | 2017-12-26 03:48:14 | 3 | CVE-2017-12615 Tomcat RCE (TESTED) |
| github | 2017-10-06 22:04:23 | 5 | CVE-2017-12617 and CVE-2017-12615 for tomcat server |
| github | 2017-09-23 06:15:48 | 111 | POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability. |
Timeline
- CVE ID Reserved
- CVE Published to Public (Sep 19, 2017)
- Exploit Used in Malware
- Added to KEVIntel
- Detected by Nuclei (Apr 25, 2025)