ID CVE-2017-12617
Summary When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache Software Foundation Tomcat 7.0.1
    cpe:2.3:a:apache:tomcat:7.0.1
  • Apache Software Foundation Tomcat 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache Software Foundation Tomcat 7.0.2 beta
    cpe:2.3:a:apache:tomcat:7.0.2:beta
  • Apache Software Foundation Tomcat 7.0.3
    cpe:2.3:a:apache:tomcat:7.0.3
  • Apache Software Foundation Tomcat 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache Software Foundation Tomcat 7.0.4 beta
    cpe:2.3:a:apache:tomcat:7.0.4:beta
  • Apache Software Foundation Tomcat 7.0.5
    cpe:2.3:a:apache:tomcat:7.0.5
  • Apache Tomcat 7.0.5 Beta
    cpe:2.3:a:apache:tomcat:7.0.5:beta
  • Apache Software Foundation Tomcat 7.0.6
    cpe:2.3:a:apache:tomcat:7.0.6
  • Apache Software Foundation Tomcat 7.0.7
    cpe:2.3:a:apache:tomcat:7.0.7
  • Apache Software Foundation Tomcat 7.0.8
    cpe:2.3:a:apache:tomcat:7.0.8
  • Apache Software Foundation Tomcat 7.0.9
    cpe:2.3:a:apache:tomcat:7.0.9
  • Apache Software Foundation Tomcat 7.0.10
    cpe:2.3:a:apache:tomcat:7.0.10
  • Apache Software Foundation Tomcat 7.0.11
    cpe:2.3:a:apache:tomcat:7.0.11
  • Apache Software Foundation Tomcat 7.0.12
    cpe:2.3:a:apache:tomcat:7.0.12
  • Apache Software Foundation Tomcat 7.0.13
    cpe:2.3:a:apache:tomcat:7.0.13
  • Apache Software Foundation Tomcat 7.0.14
    cpe:2.3:a:apache:tomcat:7.0.14
  • Apache Software Foundation Tomcat 7.0.15
    cpe:2.3:a:apache:tomcat:7.0.15
  • Apache Software Foundation Tomcat 7.0.16
    cpe:2.3:a:apache:tomcat:7.0.16
  • Apache Software Foundation Tomcat 7.0.17
    cpe:2.3:a:apache:tomcat:7.0.17
  • Apache Software Foundation Tomcat 7.0.18
    cpe:2.3:a:apache:tomcat:7.0.18
  • Apache Software Foundation Tomcat 7.0.19
    cpe:2.3:a:apache:tomcat:7.0.19
  • Apache Software Foundation Tomcat 7.0.20
    cpe:2.3:a:apache:tomcat:7.0.20
  • Apache Software Foundation Tomcat 7.0.21
    cpe:2.3:a:apache:tomcat:7.0.21
  • Apache Software Foundation Tomcat 7.0.22
    cpe:2.3:a:apache:tomcat:7.0.22
  • Apache Software Foundation Tomcat 7.0.23
    cpe:2.3:a:apache:tomcat:7.0.23
  • Apache Software Foundation Tomcat 7.0.24
    cpe:2.3:a:apache:tomcat:7.0.24
  • Apache Software Foundation Tomcat 7.0.25
    cpe:2.3:a:apache:tomcat:7.0.25
  • Apache Software Foundation Tomcat 7.0.26
    cpe:2.3:a:apache:tomcat:7.0.26
  • Apache Software Foundation Tomcat 7.0.27
    cpe:2.3:a:apache:tomcat:7.0.27
  • Apache Software Foundation Tomcat 7.0.28
    cpe:2.3:a:apache:tomcat:7.0.28
  • Apache Software Foundation Tomcat 7.0.29
    cpe:2.3:a:apache:tomcat:7.0.29
  • Apache Software Foundation Tomcat 7.0.30
    cpe:2.3:a:apache:tomcat:7.0.30
  • Apache Software Foundation Tomcat 7.0.31
    cpe:2.3:a:apache:tomcat:7.0.31
  • Apache Software Foundation Tomcat 7.0.32
    cpe:2.3:a:apache:tomcat:7.0.32
  • Apache Software Foundation Tomcat 7.0.33
    cpe:2.3:a:apache:tomcat:7.0.33
  • Apache Software Foundation Tomcat 7.0.34
    cpe:2.3:a:apache:tomcat:7.0.34
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache Software Foundation Tomcat 7.0.48
    cpe:2.3:a:apache:tomcat:7.0.48
  • Apache Software Foundation Tomcat 7.0.49
    cpe:2.3:a:apache:tomcat:7.0.49
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache Software Foundation Tomcat 7.0.51
    cpe:2.3:a:apache:tomcat:7.0.51
  • Apache Software Foundation Tomcat 7.0.54
    cpe:2.3:a:apache:tomcat:7.0.54
  • Apache Software Foundation Tomcat 7.0.55
    cpe:2.3:a:apache:tomcat:7.0.55
  • Apache Software Foundation Tomcat 7.0.56
    cpe:2.3:a:apache:tomcat:7.0.56
  • Apache Software Foundation Tomcat 7.0.57
    cpe:2.3:a:apache:tomcat:7.0.57
  • Apache Software Foundation Tomcat 7.0.58
    cpe:2.3:a:apache:tomcat:7.0.58
  • Apache Tomcat 7.0.59
    cpe:2.3:a:apache:tomcat:7.0.59
  • Apache Software Foundation Tomcat 7.0.60
    cpe:2.3:a:apache:tomcat:7.0.60
  • Apache Tomcat 7.0.61
    cpe:2.3:a:apache:tomcat:7.0.61
  • Apache Tomcat 7.0.62
    cpe:2.3:a:apache:tomcat:7.0.62
  • Apache Tomcat 7.0.63
    cpe:2.3:a:apache:tomcat:7.0.63
  • Apache Tomcat 7.0.64
    cpe:2.3:a:apache:tomcat:7.0.64
  • Apache Software Foundation Tomcat 7.0.65
    cpe:2.3:a:apache:tomcat:7.0.65
  • Apache Software Foundation Tomcat 7.0.66
    cpe:2.3:a:apache:tomcat:7.0.66
  • Apache Software Foundation Tomcat 7.0.67
    cpe:2.3:a:apache:tomcat:7.0.67
  • Apache Software Foundation Tomcat 7.0.68
    cpe:2.3:a:apache:tomcat:7.0.68
  • Apache Software Foundation Tomcat 7.0.69
    cpe:2.3:a:apache:tomcat:7.0.69
  • Apache Software Foundation Tomcat 7.0.70
    cpe:2.3:a:apache:tomcat:7.0.70
  • Apache Software Foundation Tomcat 7.0.71
    cpe:2.3:a:apache:tomcat:7.0.71
  • Apache Software Foundation Tomcat 7.0.72
    cpe:2.3:a:apache:tomcat:7.0.72
  • Apache Software Foundation Tomcat 7.0.73
    cpe:2.3:a:apache:tomcat:7.0.73
  • Apache Software Foundation Tomcat 7.0.74
    cpe:2.3:a:apache:tomcat:7.0.74
  • Apache Software Foundation Tomcat 7.0.75
    cpe:2.3:a:apache:tomcat:7.0.75
  • Apache Software Foundation Tomcat 7.0.76
    cpe:2.3:a:apache:tomcat:7.0.76
  • Apache Software Foundation Tomcat 7.0.77
    cpe:2.3:a:apache:tomcat:7.0.77
  • Apache Software Foundation Tomcat 7.0.79
    cpe:2.3:a:apache:tomcat:7.0.79
  • Apache Software Foundation Tomcat 7.0.80
    cpe:2.3:a:apache:tomcat:7.0.80
  • Apache Software Foundation Tomcat 7.0.81
    cpe:2.3:a:apache:tomcat:7.0.81
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
    cpe:2.3:a:apache:tomcat:8.0.0:rc1
  • Apache Software Foundation Tomcat 8.0.0 release candidate 10
    cpe:2.3:a:apache:tomcat:8.0.0:rc10
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
    cpe:2.3:a:apache:tomcat:8.0.0:rc2
  • Apache Software Foundation Tomcat 8.0.0 release candidate 5
    cpe:2.3:a:apache:tomcat:8.0.0:rc5
  • Apache Software Foundation Tomcat 8.0.1
    cpe:2.3:a:apache:tomcat:8.0.1
  • Apache Software Foundation Tomcat 8.0.2
    cpe:2.3:a:apache:tomcat:8.0.2
  • Apache Software Foundation Tomcat 8.0.4
    cpe:2.3:a:apache:tomcat:8.0.4
  • Apache Software Foundation Tomcat 8.0.6
    cpe:2.3:a:apache:tomcat:8.0.6
  • Apache Software Foundation Tomcat 8.0.7
    cpe:2.3:a:apache:tomcat:8.0.7
  • Apache Software Foundation Tomcat 8.0.9
    cpe:2.3:a:apache:tomcat:8.0.9
  • Apache Software Foundation Tomcat 8.0.10
    cpe:2.3:a:apache:tomcat:8.0.10
  • Apache Software Foundation Tomcat 8.0.11
    cpe:2.3:a:apache:tomcat:8.0.11
  • Apache Software Foundation Tomcat 8.0.12
    cpe:2.3:a:apache:tomcat:8.0.12
  • Apache Software Foundation Tomcat 8.0.13
    cpe:2.3:a:apache:tomcat:8.0.13
  • Apache Software Foundation Tomcat 8.0.14
    cpe:2.3:a:apache:tomcat:8.0.14
  • Apache Software Foundation Tomcat 8.0.15
    cpe:2.3:a:apache:tomcat:8.0.15
  • Apache Software Foundation Tomcat 8.0.16
    cpe:2.3:a:apache:tomcat:8.0.16
  • Apache Tomcat 8.0.17
    cpe:2.3:a:apache:tomcat:8.0.17
  • Apache Tomcat 8.0.18
    cpe:2.3:a:apache:tomcat:8.0.18
  • Apache Software Foundation Tomcat 8.0.19
    cpe:2.3:a:apache:tomcat:8.0.19
  • Apache Tomcat 8.0.20
    cpe:2.3:a:apache:tomcat:8.0.20
  • Apache Tomcat 8.0.21
    cpe:2.3:a:apache:tomcat:8.0.21
  • Apache Tomcat 8.0.22
    cpe:2.3:a:apache:tomcat:8.0.22
  • Apache Tomcat 8.0.23
    cpe:2.3:a:apache:tomcat:8.0.23
  • Apache Tomcat 8.0.24
    cpe:2.3:a:apache:tomcat:8.0.24
  • Apache Software Foundation Tomcat 8.0.25
    cpe:2.3:a:apache:tomcat:8.0.25
  • Apache Tomcat 8.0.26
    cpe:2.3:a:apache:tomcat:8.0.26
  • Apache Software Foundation Tomcat 8.0.27
    cpe:2.3:a:apache:tomcat:8.0.27
  • Apache Software Foundation Tomcat 8.0.28
    cpe:2.3:a:apache:tomcat:8.0.28
  • Apache Software Foundation Tomcat 8.0.29
    cpe:2.3:a:apache:tomcat:8.0.29
  • Apache Software Foundation Tomcat 8.0.30
    cpe:2.3:a:apache:tomcat:8.0.30
  • Apache Software Foundation Tomcat 8.0.31
    cpe:2.3:a:apache:tomcat:8.0.31
  • Apache Software Foundation Tomcat 8.0.32
    cpe:2.3:a:apache:tomcat:8.0.32
  • Apache Software Foundation Tomcat 8.0.33
    cpe:2.3:a:apache:tomcat:8.0.33
  • Apache Software Foundation Tomcat 8.0.34
    cpe:2.3:a:apache:tomcat:8.0.34
  • Apache Software Foundation Tomcat 8.0.35
    cpe:2.3:a:apache:tomcat:8.0.35
  • Apache Software Foundation Tomcat 8.0.36
    cpe:2.3:a:apache:tomcat:8.0.36
  • Apache Software Foundation Tomcat 8.0.37
    cpe:2.3:a:apache:tomcat:8.0.37
  • Apache Software Foundation Tomcat 8.0.38
    cpe:2.3:a:apache:tomcat:8.0.38
  • Apache Software Foundation Tomcat 8.0.39
    cpe:2.3:a:apache:tomcat:8.0.39
  • Apache Software Foundation Tomcat 8.0.40
    cpe:2.3:a:apache:tomcat:8.0.40
  • Apache Software Foundation Tomcat 8.0.41
    cpe:2.3:a:apache:tomcat:8.0.41
  • Apache Software Foundation Tomcat 8.0.42
    cpe:2.3:a:apache:tomcat:8.0.42
  • Apache Software Foundation Tomcat 8.0.43
    cpe:2.3:a:apache:tomcat:8.0.43
  • Apache Software Foundation Tomcat 8.0.44
    cpe:2.3:a:apache:tomcat:8.0.44
  • Apache Software Foundation Tomcat 8.0.45
    cpe:2.3:a:apache:tomcat:8.0.45
  • Apache Software Foundation Tomcat 8.0.46
    cpe:2.3:a:apache:tomcat:8.0.46
  • Apache Software Foundation Tomcat 8.5.0
    cpe:2.3:a:apache:tomcat:8.5.0
  • Apache Software Foundation Tomcat 8.5.1
    cpe:2.3:a:apache:tomcat:8.5.1
  • Apache Software Foundation Tomcat 8.5.2
    cpe:2.3:a:apache:tomcat:8.5.2
  • Apache Software Foundation Tomcat 8.5.3
    cpe:2.3:a:apache:tomcat:8.5.3
  • Apache Software Foundation Tomcat 8.5.4
    cpe:2.3:a:apache:tomcat:8.5.4
  • Apache Software Foundation Tomcat 8.5.5
    cpe:2.3:a:apache:tomcat:8.5.5
  • Apache Software Foundation Tomcat 8.5.6
    cpe:2.3:a:apache:tomcat:8.5.6
  • Apache Software Foundation Tomcat 8.5.7
    cpe:2.3:a:apache:tomcat:8.5.7
  • Apache Software Foundation Tomcat 8.5.8
    cpe:2.3:a:apache:tomcat:8.5.8
  • Apache Software Foundation Tomcat 8.5.9
    cpe:2.3:a:apache:tomcat:8.5.9
  • Apache Software Foundation Tomcat 8.5.10
    cpe:2.3:a:apache:tomcat:8.5.10
  • Apache Software Foundation Tomcat 8.5.11
    cpe:2.3:a:apache:tomcat:8.5.11
  • Apache Software Foundation Tomcat 8.5.12
    cpe:2.3:a:apache:tomcat:8.5.12
  • Apache Software Foundation Tomcat 8.5.13
    cpe:2.3:a:apache:tomcat:8.5.13
  • Apache Software Foundation Tomcat 8.5.14
    cpe:2.3:a:apache:tomcat:8.5.14
  • Apache Software Foundation Tomcat 8.5.15
    cpe:2.3:a:apache:tomcat:8.5.15
  • Apache Software Foundation Tomcat 8.5.16
    cpe:2.3:a:apache:tomcat:8.5.16
  • Apache Software Foundation Tomcat 8.5.17
    cpe:2.3:a:apache:tomcat:8.5.17
  • Apache Software Foundation Tomcat 8.5.18
    cpe:2.3:a:apache:tomcat:8.5.18
  • Apache Software Foundation Tomcat 8.5.19
    cpe:2.3:a:apache:tomcat:8.5.19
  • Apache Software Foundation Tomcat 8.5.20
    cpe:2.3:a:apache:tomcat:8.5.20
  • Apache Software Foundation Tomcat 8.5.21
    cpe:2.3:a:apache:tomcat:8.5.21
  • Apache Software Foundation Tomcat 8.5.22
    cpe:2.3:a:apache:tomcat:8.5.22
  • cpe:2.3:a:apache:tomcat:9.0.0
    cpe:2.3:a:apache:tomcat:9.0.0
  • Apache Software Foundation Tomcat 9.0.0 M1
    cpe:2.3:a:apache:tomcat:9.0.0:m1
  • Apache Software Foundation Tomcat 9.0.0 M10
    cpe:2.3:a:apache:tomcat:9.0.0:m10
  • Apache Software Foundation Tomcat 9.0.0 M11
    cpe:2.3:a:apache:tomcat:9.0.0:m11
  • Apache Software Foundation Tomcat 9.0.0 M12
    cpe:2.3:a:apache:tomcat:9.0.0:m12
  • Apache Software Foundation Tomcat 9.0.0 M13
    cpe:2.3:a:apache:tomcat:9.0.0:m13
  • Apache Software Foundation Tomcat 9.0.0 M14
    cpe:2.3:a:apache:tomcat:9.0.0:m14
  • Apache Software Foundation Tomcat 9.0.0 M15
    cpe:2.3:a:apache:tomcat:9.0.0:m15
  • Apache Software Foundation Tomcat 9.0.0 M16
    cpe:2.3:a:apache:tomcat:9.0.0:m16
  • Apache Software Foundation Tomcat 9.0.0 M17
    cpe:2.3:a:apache:tomcat:9.0.0:m17
  • Apache Software Foundation Tomcat 9.0.0 M18
    cpe:2.3:a:apache:tomcat:9.0.0:m18
  • Apache Software Foundation Tomcat 9.0.0 M19
    cpe:2.3:a:apache:tomcat:9.0.0:m19
  • Apache Software Foundation Tomcat 9.0.0 M2
    cpe:2.3:a:apache:tomcat:9.0.0:m2
  • Apache Software Foundation Tomcat 9.0.0 M20
    cpe:2.3:a:apache:tomcat:9.0.0:m20
  • Apache Software Foundation Tomcat 9.0.0 M21
    cpe:2.3:a:apache:tomcat:9.0.0:m21
  • Apache Software Foundation Tomcat 9.0.0 M22
    cpe:2.3:a:apache:tomcat:9.0.0:m22
  • Apache Software Foundation Tomcat 9.0.0 M3
    cpe:2.3:a:apache:tomcat:9.0.0:m3
  • Apache Software Foundation Tomcat 9.0.0 M4
    cpe:2.3:a:apache:tomcat:9.0.0:m4
  • Apache Software Foundation Tomcat 9.0.0 M5
    cpe:2.3:a:apache:tomcat:9.0.0:m5
  • Apache Software Foundation Tomcat 9.0.0 M6
    cpe:2.3:a:apache:tomcat:9.0.0:m6
  • Apache Software Foundation Tomcat 9.0.0 M7
    cpe:2.3:a:apache:tomcat:9.0.0:m7
  • Apache Software Foundation Tomcat 9.0.0 M8
    cpe:2.3:a:apache:tomcat:9.0.0:m8
  • Apache Software Foundation Tomcat 9.0.0 M9
    cpe:2.3:a:apache:tomcat:9.0.0:m9
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-434
CAPEC
  • Accessing Functionality Not Properly Constrained by ACLs
    In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application or can run queries for data that he is otherwise not supposed to.
  • Privilege Abuse
    An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.
d2sec via4
name Apache Tomcat for Windows HTTP PUT Method File Upload
url http://www.d2sec.com/exploits/apache_tomcat_for_windows_http_put_method_file_upload.html
exploit-db via4
  • description Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution. CVE-2017-12615. Webapps exploit for Win...
    file exploits/windows/webapps/42953.txt
    id EDB-ID:42953
    last seen 2017-10-04
    modified 2017-09-20
    platform windows
    port
    published 2017-09-20
    reporter Exploit-DB
    source https://www.exploit-db.com/download/42953/
    title Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
    type webapps
  • description Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit). CVE-2017-12617. Remote exploit for Java platform. Tags: Metasploit Framework
    file exploits/java/remote/43008.rb
    id EDB-ID:43008
    last seen 2017-10-17
    modified 2017-10-17
    platform java
    port
    published 2017-10-17
    reporter Exploit-DB
    source https://www.exploit-db.com/download/43008/
    title Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)
    type remote
  • description Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution. CVE-2017-12617. Webapps exploit for JSP...
    file exploits/jsp/webapps/42966.py
    id EDB-ID:42966
    last seen 2017-10-09
    modified 2017-10-09
    platform jsp
    port
    published 2017-10-09
    reporter Exploit-DB
    source https://www.exploit-db.com/download/42966/
    title Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
    type webapps
metasploit via4
description This module uploads a jsp payload and executes it.
id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_JSP_UPLOAD_BYPASS
last seen 2019-03-28
modified 2017-10-11
published 2017-10-09
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_jsp_upload_bypass.rb
title Tomcat RCE via JSP Upload Bypass
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3665-1.NASL
    description It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616, CVE-2017-12617) It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. (CVE-2017-15706) It was discovered that Tomcat incorrectly handled en empty string URL pattern in security constraint definitions. A remote attacker could possibly use this issue to gain access to web application resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304) It was discovered that Tomcat incorrectly handled applying certain security constraints. A remote attacker could possibly access certain resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305) It was discovered that the Tomcat CORS filter default settings were insecure and would enable 'supportsCredentials' for all origins, contrary to expectations. (CVE-2018-8014). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 110264
    published 2018-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110264
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : tomcat7, tomcat8 vulnerabilities (USN-3665-1)
  • NASL family Windows
    NASL id ORACLE_WEBCENTER_SITES_APR_2018_CPU.NASL
    description The version of Oracle WebCenter Sites running on the remote host is affected by an unspecified flaw in the Sites component (formerly FatWire Content Server) that allows an remote attacker to impact confidentiality and integrity. Note that this issue only applies to versions 11.1.1.8.0, 12.2.1.2.0,and 12.2.1.3.0.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 109209
    published 2018-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109209
    title Oracle WebCenter Sites Remote Vulnerability (April 2018 CPU)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-913.NASL
    description A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104179
    published 2017-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104179
    title Amazon Linux AMI : tomcat8 / tomcat80,tomcat7 (ALAS-2017-913)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C0DAE63448204505850DB1C975D0F67D.NASL
    description tomcat developers reports : When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 103718
    published 2017-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103718
    title FreeBSD : tomcat -- Remote Code Execution (c0dae634-4820-4505-850d-b1c975d0f67d)
  • NASL family Web Servers
    NASL id TOMCAT_8_0_47.NASL
    description The version of Apache Tomcat installed on the remote host is 8.0.0.RC1 or later but prior to 8.0.47. It is, therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled (e.g. via setting the readonly initialization parameter of the Default to false) that makes it possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 103697
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103697
    title Apache Tomcat 8.0.0.RC1 < 8.0.47 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0275.NASL
    description An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Security Fix(es) : * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. (CVE-2018-1041) The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 106616
    published 2018-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106616
    title RHEL 6 : jboss-ec2-eap (RHSA-2018:0275)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0270.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. (CVE-2018-1041) The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 106651
    published 2018-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106651
    title RHEL 6 : JBoss EAP (RHSA-2018:0270)
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 106299
    published 2018-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106299
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_SERVER_7_0_27.NASL
    description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 106349
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106349
    title Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-3081.NASL
    description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) * A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104257
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104257
    title CentOS 7 : tomcat (CESA-2017:3081)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1261.NASL
    description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) - A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104286
    published 2017-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104286
    title EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)
  • NASL family Databases
    NASL id ORACLE_RDBMS_CPU_JAN_2018.NASL
    description The remote Oracle Database Server is missing the January 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-08
    plugin id 106188
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106188
    title Oracle Database Multiple Vulnerabilities (January 2018 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0268.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. (CVE-2018-1041) The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 106650
    published 2018-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106650
    title RHEL 7 : JBoss EAP (RHSA-2018:0268)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1299.NASL
    description This update for tomcat fixes the following issues : Security issues fixed : - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security bugs fixed : - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104765
    published 2017-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104765
    title openSUSE Security Update : tomcat (openSUSE-2017-1299)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-EBB76FC3C9.NASL
    description This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features : rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 105995
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105995
    title Fedora 27 : 1:tomcat (2017-ebb76fc3c9)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171030_TOMCAT_ON_SL7_X.NASL
    description Security Fix(es) : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) - A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104269
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104269
    title Scientific Linux Security Update : tomcat on SL7.x (noarch)
  • NASL family Web Servers
    NASL id TOMCAT_9_0_1.NASL
    description The version of Apache Tomcat installed on the remote host is 9.0.0.M1 or later but prior to 9.0.1. It is, therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled (e.g. via setting the readonly initialization parameter of the Default to false) that makes it possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 103699
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103699
    title Apache Tomcat 9.0.0.M1 < 9.0.1 Multiple Vulnerabilities
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-3080.NASL
    description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 119237
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119237
    title Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0466.NASL
    description An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) * tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615) * tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) * tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617) * tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 107208
    published 2018-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107208
    title RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)
  • NASL family Web Servers
    NASL id TOMCAT_7_0_82.NASL
    description The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.82. It is, therefore, affected by an unspecified vulnerability when running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialization parameter of the Default to false) makes it possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 103782
    published 2017-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103782
    title Apache Tomcat 7.0.x < 7.0.82 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-EF7C118DBC.NASL
    description This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features : rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104505
    published 2017-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104505
    title Fedora 26 : 1:tomcat (2017-ef7c118dbc)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3080.NASL
    description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104250
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104250
    title RHEL 6 : tomcat6 (RHSA-2017:3080)
  • NASL family Web Servers
    NASL id TOMCAT_PUT_JSP.NASL
    description The HTTP server running on the remote host is affected by a flaw that allows a remote unauthenticated attacker to upload a JSP file and execute it.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 105006
    published 2017-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105006
    title Apache Tomcat HTTP PUT JSP File Upload RCE
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F499EE7B12.NASL
    description This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features : rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104506
    published 2017-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104506
    title Fedora 25 : 1:tomcat (2017-f499ee7b12)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3080.NASL
    description From Red Hat Security Advisory 2017:3080 : An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104247
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104247
    title Oracle Linux 6 : tomcat6 (ELSA-2017-3080)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_24.NASL
    description The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - An unspecified flaw in error page mechanism of the DefaultServlet implementation allows a specially-crafted HTTP request to cause undesired side effects, including the removal or replacement of the custom error page. (CVE-2017-5664) - An unspecified flaw affects servlet contexts configured as readonly=false with HTTP PUT requests allowed. An attacker can upload a JSP file to that context and execute arbitrary code. (CVE-2017-12615, CVE-2017-12617) Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 104358
    published 2017-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104358
    title Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-3080.NASL
    description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104256
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104256
    title CentOS 6 : tomcat6 (CESA-2017:3080)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171030_TOMCAT6_ON_SL6_X.NASL
    description Security Fix(es) : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104268
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104268
    title Scientific Linux Security Update : tomcat6 on SL6.x (noarch)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3081.NASL
    description From Red Hat Security Advisory 2017:3081 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) * A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104248
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104248
    title Oracle Linux 7 : tomcat (ELSA-2017-3081)
  • NASL family Web Servers
    NASL id TOMCAT_8_5_23.NASL
    description The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.82 or 8.5.x prior to 8.5.23. It is, therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled (e.g. via setting the readonly initialization parameter of the Default to false) that makes it possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 103698
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103698
    title Apache Tomcat 7.0.x < 7.0.82 / 8.5.x < 8.5.23 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3113.NASL
    description An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es) : * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Bock for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es) : * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709) * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104456
    published 2017-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104456
    title RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1262.NASL
    description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) - A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104287
    published 2017-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104287
    title EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3081.NASL
    description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) * A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104251
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104251
    title RHEL 7 : tomcat (RHSA-2017:3081)
  • NASL family CGI abuses
    NASL id MYSQL_ENTERPRISE_MONITOR_4_0_2_5168.NASL
    description According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.3.x prior to 3.3.7.3306, 3.4.x prior to 3.4.5.4248, or 4.0.x prior to 4.0.2.5168. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-06-14
    plugin id 106103
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106103
    title MySQL Enterprise Monitor 3.3.x < 3.3.7.3306 / 3.4.x < 3.4.5.4248 / 4.0.x < 4.0.2.5168 Multiple Vulnerabilities (January 2018 CPU)
packetstorm via4
redhat via4
advisories
  • bugzilla
    id 1494283
    title CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment tomcat6 is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080015
        • comment tomcat6 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335006
      • AND
        • comment tomcat6-admin-webapps is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080019
        • comment tomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335022
      • AND
        • comment tomcat6-docs-webapp is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080005
        • comment tomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335020
      • AND
        • comment tomcat6-el-2.1-api is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080017
        • comment tomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335024
      • AND
        • comment tomcat6-javadoc is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080021
        • comment tomcat6-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335012
      • AND
        • comment tomcat6-jsp-2.1-api is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080007
        • comment tomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335008
      • AND
        • comment tomcat6-lib is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080009
        • comment tomcat6-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335018
      • AND
        • comment tomcat6-servlet-2.5-api is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080011
        • comment tomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335010
      • AND
        • comment tomcat6-webapps is earlier than 0:6.0.24-111.el6_9
          oval oval:com.redhat.rhsa:tst:20173080013
        • comment tomcat6-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335014
    rhsa
    id RHSA-2017:3080
    released 2017-10-29
    severity Important
    title RHSA-2017:3080: tomcat6 security update (Important)
  • bugzilla
    id 1494283
    title CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment tomcat is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081007
        • comment tomcat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686006
      • AND
        • comment tomcat-admin-webapps is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081013
        • comment tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686016
      • AND
        • comment tomcat-docs-webapp is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081015
        • comment tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686014
      • AND
        • comment tomcat-el-2.2-api is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081023
        • comment tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686024
      • AND
        • comment tomcat-javadoc is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081017
        • comment tomcat-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686012
      • AND
        • comment tomcat-jsp-2.2-api is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081011
        • comment tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686018
      • AND
        • comment tomcat-jsvc is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081019
        • comment tomcat-jsvc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686022
      • AND
        • comment tomcat-lib is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081005
        • comment tomcat-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686010
      • AND
        • comment tomcat-servlet-3.0-api is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081009
        • comment tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686020
      • AND
        • comment tomcat-webapps is earlier than 0:7.0.76-3.el7_4
          oval oval:com.redhat.rhsa:tst:20173081021
        • comment tomcat-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686008
    rhsa
    id RHSA-2017:3081
    released 2017-10-29
    severity Important
    title RHSA-2017:3081: tomcat security update (Important)
  • rhsa
    id RHSA-2017:3113
  • rhsa
    id RHSA-2017:3114
  • rhsa
    id RHSA-2018:0268
  • rhsa
    id RHSA-2018:0269
  • rhsa
    id RHSA-2018:0270
  • rhsa
    id RHSA-2018:0271
  • rhsa
    id RHSA-2018:0275
  • rhsa
    id RHSA-2018:0465
  • rhsa
    id RHSA-2018:0466
  • rhsa
    id RHSA-2018:2939
rpms
  • tomcat6-0:6.0.24-111.el6_9
  • tomcat6-admin-webapps-0:6.0.24-111.el6_9
  • tomcat6-docs-webapp-0:6.0.24-111.el6_9
  • tomcat6-el-2.1-api-0:6.0.24-111.el6_9
  • tomcat6-javadoc-0:6.0.24-111.el6_9
  • tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9
  • tomcat6-lib-0:6.0.24-111.el6_9
  • tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9
  • tomcat6-webapps-0:6.0.24-111.el6_9
  • tomcat-0:7.0.76-3.el7_4
  • tomcat-admin-webapps-0:7.0.76-3.el7_4
  • tomcat-docs-webapp-0:7.0.76-3.el7_4
  • tomcat-el-2.2-api-0:7.0.76-3.el7_4
  • tomcat-javadoc-0:7.0.76-3.el7_4
  • tomcat-jsp-2.2-api-0:7.0.76-3.el7_4
  • tomcat-jsvc-0:7.0.76-3.el7_4
  • tomcat-lib-0:7.0.76-3.el7_4
  • tomcat-servlet-3.0-api-0:7.0.76-3.el7_4
  • tomcat-webapps-0:7.0.76-3.el7_4
refmap via4
bid 100954
confirm
exploit-db
  • 42966
  • 43008
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
mlist
  • [announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload
  • [debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update
  • [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
sectrack 1039552
ubuntu USN-3665-1
saint via4
bid 100954
description Apache Tomcat PUT method JSP upload
id web_dev_tomcatver
title tomcat_put_jsp_upload
type remote
the hacker news via4
id THN:96A25F981DD18505C101D0FC9DAA7B30
last seen 2018-01-27
modified 2017-10-05
published 2017-10-05
reporter Swati Khandelwal
source https://thehackernews.com/2017/10/apache-tomcat-rce.html
title Apache Tomcat Patches Important Remote Code Execution Flaw
Last major update 03-10-2017 - 21:29
Published 03-10-2017 - 21:29
Last modified 23-04-2019 - 15:29
Back to Top