CVE-2017-12617
HIGH severity · CVSS 8.1 · Unrestricted file upload · actively exploited (CISA KEV)
8.1CVSS HIGH ● exploited
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2022-03-25. US federal agencies must patch by 2022-04-15.
Summary
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)94%
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (2)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Official patch: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html ↗
Additional information
- NVD record
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch
- http://www.securityfocus.com/bid/100954Advisory
- http://www.securitytracker.com/id/1039552Advisory
- https://access.redhat.com/errata/RHSA-2017:3080Advisory
- https://access.redhat.com/errata/RHSA-2017:3081Advisory
- https://access.redhat.com/errata/RHSA-2017:3113Advisory