Russian Vulnerability Scanner Database

Back to List

CVE-2017-12615

Scores

EPSS

0.942high94.2%
0%20%40%60%80%100%

Percentile: 94.2%

CVSS

8.1high3.x
0246810

CVSS Score: 8.1/10

All CVSS Scores

CVSS 3.x
8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-20CWE-434

Exploits

Exploit ID: 42953

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42953

Exploit ID: CVE-2017-12615

Source: github-poc

URL: https://github.com/netw0rk7/CVE-2017-12615-Home-Lab

Vulnerable Software (48)

Type: Configuration

Product: httpd

Operating System: rhel

Trait: 
{  "fixed": "2.2.26-57.ep6.el6"}

Source: redhat

Type: Configuration

Product: httpd22

Operating System: rhel

Trait: 
{  "fixed": "2.2.26-58.ep6.el7"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-openssl

Operating System: rhel

Trait: 
{  "fixed": "1.0.2h-14.jbcs.el6"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-openssl

Operating System: rhel

Trait: 
{  "fixed": "1.0.2h-14.jbcs.el7"}

Source: redhat

Type: Configuration

Product: mod_cluster

Operating System: rhel

Trait: 
{  "fixed": "1.3.8-2.Final_redhat_2.1.ep7.el6"}

Source: redhat

Type: Configuration

Product: mod_cluster

Operating System: rhel

Trait: 
{  "fixed": "1.3.8-2.Final_redhat_2.1.ep7.el7"}

Source: redhat

Type: Configuration

Product: mod_cluster-native

Operating System: rhel

Trait: 
{  "fixed": "1.2.13-9.Final_redhat_2.ep6.el6"}

Source: redhat

Type: Configuration

Product: mod_cluster-native

Operating System: rhel

Trait: 
{  "fixed": "1.2.13-9.Final_redhat_2.ep6.el7"}

Source: redhat

Type: Configuration

Product: tomcat

Operating System: rhel 7

Trait: 
{  "fixed": "7.0.76-3.el7_4"}

Source: redhat

Type: Configuration

Product: tomcat-native

Operating System: rhel

Trait: 
{  "fixed": "1.2.8-11.redhat_11.ep7.el6"}

Source: redhat

Type: Configuration

Product: tomcat-native

Operating System: rhel

Trait: 
{  "fixed": "1.2.8-11.redhat_11.ep7.el7"}

Source: redhat

Type: Configuration

Product: tomcat-vault

Operating System: rhel

Trait: 
{  "fixed": "1.1.6-1.Final_redhat_1.1.ep7.el6"}

Source: redhat

Type: Configuration

Product: tomcat-vault

Operating System: rhel

Trait: 
{  "fixed": "1.1.6-1.Final_redhat_1.1.ep7.el7"}

Source: redhat

Type: Configuration

Product: tomcat6

Operating System: rhel 6

Trait: 
{  "fixed": "6.0.24-111.el6_9"}

Source: redhat

Type: Configuration

Product: tomcat6

Operating System: rhel

Trait: 
{  "fixed": "6.0.41-19_patch_04.ep6.el6"}

Source: redhat

Type: Configuration

Product: tomcat6

Operating System: rhel

Trait: 
{  "fixed": "6.0.41-19_patch_04.ep6.el7"}

Source: redhat

Type: Configuration

Product: tomcat7

Operating System: rhel

Trait: 
{  "fixed": "7.0.54-28_patch_05.ep6.el6"}

Source: redhat

Type: Configuration

Product: tomcat7

Operating System: rhel

Trait: 
{  "fixed": "7.0.70-25.ep7.el6"}

Source: redhat

Type: Configuration

Product: tomcat7

Operating System: ubuntu trusty 14.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: tomcat7

Operating System: ubuntu xenial 16.04

Trait: 
{  "unaffected": true}

Source: ubuntu