Description

When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Remediation

Upgrade to the latest version of Apache Tomcat. This issue was fixed in Apache Tomcat version 7.0.81.

References

The Case of CVE-2017-12615 Tomcat 7 PUT vulnerability

Fixed_in_Apache_Tomcat_7.0.81

Related Vulnerabilities

Multiple vulnerabilities reported in Parallels Plesk Sitebuilder

Arbitrary EL Evaluation in RichFaces

Spring Data REST RCE via PATCH requests

WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)

Drupal Core 5.x Arbitrary Code Execution (5.0)

Severity

High

Classification

CVE-2017-12615 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution