← back
CVE-2017-12617

CVE-2017-12617

CVSS 8.1 HIGHEPSS 100.0%● KEVCWE-434
In short

Apache Tomcat allowed attackers to upload and execute malicious JSP files when HTTP PUT requests were enabled. An uploaded JSP file could run arbitrary code on the server.

Technical detail

When the Default servlet's readonly parameter is set to false, allowing HTTP PUT requests, an attacker can upload a crafted JSP file to the web root. Upon subsequent HTTP GET requests to the uploaded JSP, the server executes embedded code with server privileges, enabling remote code execution.

Summary generated and translated by AI from the official description.
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache Tomcat
public PoCs found15
githubgithub.com/cyberheartmi9/CVE-2017-12617400githubgithub.com/LongWayHomie/CVE-2017-126174githubgithub.com/ygouzerh/CVE-2017-126172githubgithub.com/tyranteye666/tomcat-cve-2017-126171githubgithub.com/jptr218/tc_hack1githubgithub.com/K3ysTr0K3R/CVE-2017-12617-EXPLOIT1githubgithub.com/scirusvulgaris/CVE-2017-126170githubgithub.com/DevaDJ/CVE-2017-126170githubgithub.com/devcoinfet/CVE-2017-126170githubgithub.com/qiantu88/CVE-2017-126170githubgithub.com/yZee00/CVE-2017-126170exploitdbwww.exploit-db.com/exploits/42966unverifiedcve_referencewww.exploit-db.com/exploits/43008/unverifiedexploitdbwww.exploit-db.com/exploits/43008unverifiedcve_referencewww.exploit-db.com/exploits/42966/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:3080https://access.redhat.com/errata/RHSA-2017:3081https://access.redhat.com/errata/RHSA-2017:3113https://access.redhat.com/errata/RHSA-2017:3114https://access.redhat.com/errata/RHSA-2018:0268https://access.redhat.com/errata/RHSA-2018:0269https://access.redhat.com/errata/RHSA-2018:0270https://access.redhat.com/errata/RHSA-2018:0271https://access.redhat.com/errata/RHSA-2018:0275https://access.redhat.com/errata/RHSA-2018:0465https://access.redhat.com/errata/RHSA-2018:0466https://access.redhat.com/errata/RHSA-2018:2939