CVE-2017-12615
HIGH severity · CVSS 8.1 · Unrestricted file upload · actively exploited (CISA KEV)
8.1CVSS HIGH ● exploited ⚠ ransomware
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
⚠ Known use in ransomware campaigns. Added to KEV 2022-03-25. US federal agencies must patch by 2022-04-15.
Summary
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)94%
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.securityfocus.com/bid/100901Advisory
- http://www.securitytracker.com/id/1039392Advisory
- https://access.redhat.com/errata/RHSA-2017:3080Advisory
- https://access.redhat.com/errata/RHSA-2017:3081Advisory
- https://access.redhat.com/errata/RHSA-2017:3113Advisory
- https://access.redhat.com/errata/RHSA-2017:3114Advisory
- https://access.redhat.com/errata/RHSA-2018:0465Advisory
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.htmlExploit