Vulnerability — CVE-2017-12615

CVE-2017-12615

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2017-12615
Description:: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Last updated date:: 07/16/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/17/2020
Reference url to background: https://web.archive.org/web/20200316234856/https://twitter.com/bad_packets/status/1239693959330287616

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/23/2017
Reference url to background: https://github.com/breaktoprotect/CVE-2017-12615

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/06/2017
Reference url to background: https://github.com/zi0Black/POC-CVE-2017-12615-or-CVE-2017-12717

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/16/2024
Reference url to background: http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/16/2024
Reference url to background: https://github.com/breaktoprotect/CVE-2017-12615

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2024
Reference url to background: https://github.com/lizhianyuguangming/TomcatScanPro

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2024
Reference url to background: https://github.com/lizhianyuguangming/TomcatWeakPassChecker