Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79 – CVE-2017-12615

oval:org.cisecurity:def:3353

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested, and any code it contained would be executed by the server.

Family: windows
Status: ACCEPTED
Platform(s):
  • Microsoft Windows 8.1
  • Microsoft Windows 8
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Vista
  • Microsoft Windows 10
  • Microsoft Windows 7
Class: vulnerability
Reference(s):
  • CVE-2017-12615
Product(s):
  • Apache Tomcat