Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network

CVE-2017-12617

Disclosure Date: October 04, 2017
Exploited in the Wild
Reported by AttackerKB Worker and 1 more...

Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUT requests enabled (for example by setting the readonly initialisation parameter of the Default servlet to false in conf/web.xml; the parameter defaults to true), it was possible to upload a JSP file to the server via a specially crafted request. That JSP could then be requested, and any code it contained would be executed by the server with the privileges of the Tomcat process. The issue was fixed in Tomcat 9.0.1, 8.5.23, 8.0.47 and 7.0.82.
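The description names two preconditions, an affected version and a DefaultServlet with readonly set to false. The following is an added example, not code from AttackerKB or the Tomcat project: it checks a version string against the affected ranges, inspects a web.xml for the writable DefaultServlet, and flags write requests for JSP paths in Tomcat access-log lines. The web.xml fragments, the log lines and the function names are constructed for this demo.

```python
"""Added example (not from AttackerKB or the Tomcat project): checks the two
preconditions named in the CVE-2017-12617 description, an affected Tomcat
version and a DefaultServlet whose readonly init-param is false, and flags
PUT requests for JSP paths in Tomcat access-log lines.
The web.xml fragments and log lines below are constructed for the demo."""
import re
import xml.etree.ElementTree as ET

# Affected ranges from the advisory text. Key: (major, minor, patch, final, pre_no)
# where final=0 marks a milestone/RC build, so 9.0.0.M1 sorts before 9.0.0.
AFFECTED_RANGES = (
    ((9, 0, 0, 0, 1), (9, 0, 0, 1, 0)),    # 9.0.0.M1 .. 9.0.0   (fixed in 9.0.1)
    ((8, 5, 0, 1, 0), (8, 5, 22, 1, 0)),   # 8.5.0 .. 8.5.22     (fixed in 8.5.23)
    ((8, 0, 0, 0, 1), (8, 0, 46, 1, 0)),   # 8.0.0.RC1 .. 8.0.46 (fixed in 8.0.47)
    ((7, 0, 0, 1, 0), (7, 0, 81, 1, 0)),   # 7.0.0 .. 7.0.81     (fixed in 7.0.82)
)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(?:M|RC)(\d+))?$")


def version_key(version):
    """Turn '8.5.22' or '9.0.0.M1' into a comparable tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1, int(pre or 0))


def is_affected_version(version):
    key = version_key(version)
    return any(lo <= key <= hi for lo, hi in AFFECTED_RANGES)


def _local(tag):
    """Strip the XML namespace so the check works whatever web-app schema URI is used."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml_text):
    """True if the DefaultServlet declaration sets readonly=false (PUT accepted).
    Tomcat's default for readonly is true, so a missing param means not writable."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls, params = None, {}
        for child in servlet:
            if _local(child.tag) == "servlet-class":
                cls = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                kv = {_local(p.tag): (p.text or "").strip() for p in child}
                if "param-name" in kv:
                    params[kv["param-name"]] = kv.get("param-value", "")
        if cls == "org.apache.catalina.servlets.DefaultServlet":
            return params.get("readonly", "true").lower() == "false"
    return False


def exposed(version, web_xml_text):
    """Both conditions from the description must hold for the JSP upload to work."""
    return is_affected_version(version) and default_servlet_writable(web_xml_text)


# Tomcat common/combined access-log format: flag write methods aimed at JSP paths.
_LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_jsp_writes(log_lines):
    """Return (method, path, status) for requests that try to write a .jsp resource."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.search(line)
        if m and m.group("method") in ("PUT", "DELETE") and ".jsp" in m.group("path").lower():
            hits.append((m.group("method"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample configs: the weak setting next to the corrected one.
_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>{readonly}</param-value></init-param>
  </servlet>
</web-app>"""
VULNERABLE_WEB_XML = _WEB_XML.format(readonly="false")
HARDENED_WEB_XML = _WEB_XML.format(readonly="true")

# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Oct/2017:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.9 - - [04/Oct/2017:10:12:07 +0000] "PUT /shell.jsp HTTP/1.1" 201 -',
    '10.0.0.9 - - [04/Oct/2017:10:12:09 +0000] "GET /shell.jsp?cmd=id HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    print("8.5.22 + readonly=false exposed:", exposed("8.5.22", VULNERABLE_WEB_XML))
    print("8.5.22 + readonly=true exposed: ", exposed("8.5.22", HARDENED_WEB_XML))
    print("8.5.23 + readonly=false exposed:", exposed("8.5.23", VULNERABLE_WEB_XML))
    for hit in suspicious_jsp_writes(SAMPLE_LOG):
        print("suspicious write:", hit)
```

The log matcher looks for ".jsp" anywhere in the request path rather than only as a suffix, because the "specially crafted request" the description refers to need not end exactly in ".jsp"; a 201 or 204 on such a PUT, followed by a GET of the same name, is the sequence worth alerting on. Upgrading to a fixed version is the real remediation; setting readonly back to true only removes the upload path for this particular bug.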


CVSS V3 Severity and Metrics
Base Score:
8.1 High
Impact Score:
5.9
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • apache,
  • canonical,
  • debian,
  • netapp,
  • oracle,
  • redhat

Products

  • active iq unified manager,
  • agile plm 9.3.3,
  • agile plm 9.3.4,
  • agile plm 9.3.5,
  • agile plm 9.3.6,
  • communications instant messaging server 10.0.1,
  • debian linux 7.0,
  • element -,
  • endeca information discovery integrator 3.1.0,
  • endeca information discovery integrator 3.2.0,
  • enterprise linux desktop 6.0,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 7.4,
  • enterprise linux eus 7.5,
  • enterprise linux eus 7.6,
  • enterprise linux eus 7.7,
  • enterprise linux eus compute node 7.4,
  • enterprise linux eus compute node 7.5,
  • enterprise linux eus compute node 7.6,
  • enterprise linux eus compute node 7.7,
  • enterprise linux for ibm z systems 6.0 s390x,
  • enterprise linux for ibm z systems 7.0 s390x,
  • enterprise linux for ibm z systems eus 7.4 s390x,
  • enterprise linux for ibm z systems eus 7.5 s390x,
  • enterprise linux for ibm z systems eus 7.6 s390x,
  • enterprise linux for ibm z systems eus 7.7 s390x,
  • enterprise linux for power big endian 6.0 ppc64,
  • enterprise linux for power big endian 7.0 ppc64,
  • enterprise linux for power big endian eus 7.4 ppc64,
  • enterprise linux for power big endian eus 7.5 ppc64,
  • enterprise linux for power big endian eus 7.6 ppc64,
  • enterprise linux for power big endian eus 7.7 ppc64,
  • enterprise linux for power little endian 7.0,
  • enterprise linux for power little endian eus 7.4 ppc64le,
  • enterprise linux for power little endian eus 7.5 ppc64le,
  • enterprise linux for power little endian eus 7.6 ppc64le,
  • enterprise linux for power little endian eus 7.7 ppc64le,
  • enterprise linux server 6.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.4,
  • enterprise linux server aus 7.6,
  • enterprise linux server aus 7.7,
  • enterprise linux server tus 7.4,
  • enterprise linux server tus 7.6,
  • enterprise linux server tus 7.7,
  • enterprise linux workstation 6.0,
  • enterprise linux workstation 7.0,
  • enterprise manager for mysql database 12.1.0.4.0,
  • financial services analytical applications infrastructure,
  • fmw platform 12.2.1.2.0,
  • fmw platform 12.2.1.3.0,
  • fuse 1.0,
  • health sciences empirica inspections 1.0.1.1,
  • hospitality guest access 4.2.0,
  • hospitality guest access 4.2.1,
  • instantis enterprisetrack 17.1,
  • instantis enterprisetrack 17.2,
  • jboss enterprise application platform 6.0.0,
  • jboss enterprise application platform 6.4.0,
  • jboss enterprise web server 2.0.0,
  • jboss enterprise web server 3.0.0,
  • jboss enterprise web server text-only advisories -,
  • management pack 11.2.1.0.13,
  • micros lucas 2.9.5,
  • micros retail xbri loss prevention 10.0.1,
  • micros retail xbri loss prevention 10.5.0,
  • micros retail xbri loss prevention 10.6.0,
  • micros retail xbri loss prevention 10.7.0,
  • micros retail xbri loss prevention 10.8.0,
  • micros retail xbri loss prevention 10.8.1,
  • mysql enterprise monitor,
  • oncommand balance -,
  • oncommand insight -,
  • oncommand shift -,
  • oncommand workflow automation -,
  • retail advanced inventory planning 13.2,
  • retail advanced inventory planning 13.4,
  • retail advanced inventory planning 14.1,
  • retail advanced inventory planning 15.0,
  • retail back office 14.0.4,
  • retail back office 14.1.3,
  • retail central office 14.0.4,
  • retail central office 14.1.3,
  • retail convenience and fuel pos software 2.1.132,
  • retail eftlink 1.1.124,
  • retail eftlink 15.0.1,
  • retail eftlink 16.0.2,
  • retail insights 14.0,
  • retail insights 14.1,
  • retail insights 15.0,
  • retail insights 16.0,
  • retail invoice matching 12.0,
  • retail invoice matching 13.0,
  • retail invoice matching 13.1,
  • retail invoice matching 13.2,
  • retail invoice matching 14.0,
  • retail invoice matching 14.1,
  • retail invoice matching 15.0,
  • retail invoice matching 16.0,
  • retail order broker 15.0,
  • retail order broker 16.0,
  • retail order broker 5.0,
  • retail order broker 5.1,
  • retail order broker 5.2,
  • retail order management system 4.0,
  • retail order management system 4.5,
  • retail order management system 4.7,
  • retail order management system 5.0,
  • retail point-of-service 14.0.4,
  • retail point-of-service 14.1.3,
  • retail price management 12.0,
  • retail price management 13.0,
  • retail price management 13.1,
  • retail price management 13.2,
  • retail price management 14.0,
  • retail price management 14.1,
  • retail price management 15.0,
  • retail price management 16.0,
  • retail returns management 14.0.4,
  • retail returns management 14.1.3,
  • retail returns management 2.3.8,
  • retail returns management 2.4.9,
  • retail store inventory management 12.0.12,
  • retail store inventory management 13.0.7,
  • retail store inventory management 13.1.9,
  • retail store inventory management 13.2.9,
  • retail store inventory management 14.0.4,
  • retail store inventory management 14.1.3,
  • retail store inventory management 15.0.2,
  • retail store inventory management 16.0.1,
  • retail xstore point of service 15.0.1,
  • retail xstore point of service 6.0.11,
  • retail xstore point of service 7.0.6,
  • retail xstore point of service 7.1.6,
  • snapcenter -,
  • tomcat,
  • transportation management 6.3.1,
  • transportation management 6.3.2,
  • transportation management 6.3.3,
  • transportation management 6.3.4,
  • transportation management 6.3.5,
  • transportation management 6.3.6,
  • transportation management 6.3.7,
  • tuxedo system and applications monitor 12.1.3.0.0,
  • ubuntu linux 12.04,
  • ubuntu linux 16.04,
  • ubuntu linux 17.10,
  • ubuntu linux 18.04,
  • webcenter sites 11.1.1.8.0,
  • workload manager 12.2.0.1
