CVE-2017-12615
- Source
- https://cve.org/CVERecord?id=CVE-2017-12615
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12615.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-12615
- Aliases
- Downstream
- Related
- Published
- 2017-09-19T13:29:00.190Z
- Modified
- 2026-04-02T00:01:34.531054Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615
- http://www.securityfocus.com/bid/100901
- https://access.redhat.com/errata/RHSA-2017:3080
- https://access.redhat.com/errata/RHSA-2017:3114
- https://access.redhat.com/errata/RHSA-2018:0466
- https://security.netapp.com/advisory/ntap-20171018-0001/
- http://www.securitytracker.com/id/1039392
- https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
- https://access.redhat.com/errata/RHSA-2017:3113
- https://access.redhat.com/errata/RHSA-2017:3081
- https://access.redhat.com/errata/RHSA-2018:0465
- https://www.exploit-db.com/exploits/42953/
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
- https://github.com/breaktoprotect/CVE-2017-12615
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
Affected packages
Git / github.com/apache/tomcat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.0.0" }, { "last_affected": "7.0.79" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0_ppc64" }, { "introduced": "0" }, { "last_affected": "7.0_ppc64le" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0" } ] }
Affected versions
10.*
10.0.0
10.0.0-M1
10.0.0-M10
10.0.0-M2
10.0.0-M3
10.0.0-M4
10.0.0-M5
10.0.0-M6
10.0.0-M7
10.0.0-M8
10.0.0-M9
10.0.0.0-M1
10.0.1
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.17
10.0.18
10.0.19
10.0.2
10.0.20
10.0.21
10.0.22
10.0.23
10.0.24
10.0.25
10.0.26
10.0.27
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.0-M1
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M13
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0-M18
10.1.0-M19
10.1.0-M2
10.1.0-M20
10.1.0-M3
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M9
10.1.1
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14
10.1.15
10.1.16
10.1.17
10.1.18
10.1.19
10.1.2
10.1.20
10.1.22
10.1.23
10.1.24
10.1.25
10.1.26
10.1.27
10.1.28
10.1.29
10.1.3
10.1.30
10.1.31
10.1.32
10.1.33
10.1.34
10.1.35
10.1.36
10.1.37
10.1.38
10.1.39
10.1.4
10.1.40
10.1.41
10.1.42
10.1.43
10.1.44
10.1.45
10.1.46
10.1.47
10.1.48
10.1.49
10.1.5
10.1.50
10.1.51
10.1.52
10.1.6
10.1.7
10.1.8
10.1.9
11.*
11.0.0
11.0.0-M1
11.0.0-M10
11.0.0-M11
11.0.0-M12
11.0.0-M13
11.0.0-M14
11.0.0-M15
11.0.0-M16
11.0.0-M17
11.0.0-M18
11.0.0-M19
11.0.0-M2
11.0.0-M20
11.0.0-M21
11.0.0-M22
11.0.0-M23
11.0.0-M24
11.0.0-M25
11.0.0-M26
11.0.0-M3
11.0.0-M4
11.0.0-M5
11.0.0-M6
11.0.0-M7
11.0.0-M8
11.0.0-M9
11.0.1
11.0.10
11.0.11
11.0.12
11.0.13
11.0.14
11.0.15
11.0.16
11.0.17
11.0.18
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
11.0.8
11.0.9
7.*
7.0.0
7.0.0-RC1
7.0.0-RC2
7.0.0-RC3
7.0.0-RC4
7.0.1
7.0.10
7.0.100
7.0.101
7.0.102
7.0.103
7.0.104
7.0.105
7.0.106
7.0.107
7.0.108
7.0.109
7.0.11
7.0.12
7.0.13
7.0.14
7.0.15
7.0.16
7.0.17
7.0.18
7.0.19
7.0.2
7.0.20
7.0.21
7.0.22
7.0.23
7.0.24
7.0.25
7.0.26
7.0.27
7.0.28
7.0.29
7.0.3
7.0.30
7.0.31
7.0.32
7.0.33
7.0.34
7.0.35
7.0.36
7.0.37
7.0.38
7.0.39
7.0.4
7.0.40
7.0.41
7.0.42
7.0.43
7.0.44
7.0.45
7.0.46
7.0.47
7.0.48
7.0.49
7.0.5
7.0.50
7.0.51
7.0.52
7.0.53
7.0.54
7.0.55
7.0.56
7.0.57
7.0.58
7.0.59
7.0.6
7.0.60
7.0.61
7.0.62
7.0.63
7.0.64
7.0.65
7.0.66
7.0.67
7.0.68
7.0.69
7.0.7
7.0.70
7.0.71
7.0.72
7.0.73
7.0.74
7.0.75
7.0.76
7.0.77
7.0.78
7.0.79
7.0.8
7.0.80
7.0.81
7.0.82
7.0.83
7.0.84
7.0.85
7.0.86
7.0.87
7.0.88
7.0.89
7.0.9
7.0.90
7.0.91
7.0.92
7.0.93
7.0.94
7.0.95
7.0.96
7.0.97
7.0.98
7.0.99
8.*
8.5.0
8.5.1
8.5.10
8.5.100
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
8.5.19
8.5.2
8.5.20
8.5.21
8.5.22
8.5.23
8.5.24
8.5.25
8.5.26
8.5.27
8.5.28
8.5.29
8.5.3
8.5.30
8.5.31
8.5.32
8.5.33
8.5.34
8.5.35
8.5.36
8.5.37
8.5.38
8.5.39
8.5.4
8.5.40
8.5.41
8.5.42
8.5.43
8.5.44
8.5.45
8.5.46
8.5.47
8.5.48
8.5.49
8.5.5
8.5.50
8.5.51
8.5.52
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.6
8.5.60
8.5.61
8.5.62
8.5.63
8.5.64
8.5.65
8.5.66
8.5.67
8.5.68
8.5.69
8.5.7
8.5.70
8.5.71
8.5.72
8.5.73
8.5.74
8.5.75
8.5.76
8.5.77
8.5.78
8.5.79
8.5.8
8.5.80
8.5.81
8.5.82
8.5.83
8.5.84
8.5.85
8.5.86
8.5.87
8.5.88
8.5.89
8.5.9
8.5.90
8.5.91
8.5.92
8.5.93
8.5.94
8.5.95
8.5.96
8.5.97
8.5.98
8.5.99
9.*
9.0.0
9.0.0-M1
9.0.0-M10
9.0.0-M11
9.0.0-M12
9.0.0-M13
9.0.0-M14
9.0.0-M15
9.0.0-M16
9.0.0-M17
9.0.0-M18
9.0.0-M19
9.0.0-M2
9.0.0-M20
9.0.0-M21
9.0.0-M22
9.0.0-M23
9.0.0-M24
9.0.0-M25
9.0.0-M26
9.0.0-M27
9.0.0-M3
9.0.0-M4
9.0.0-M5
9.0.0-M6
9.0.0-M7
9.0.0-M8
9.0.0-M9
9.0.1
9.0.10
9.0.100
9.0.101
9.0.102
9.0.103
9.0.104
9.0.105
9.0.106
9.0.107
9.0.108
9.0.109
9.0.11
9.0.110
9.0.111
9.0.112
9.0.113
9.0.114
9.0.115
9.0.12
9.0.13
9.0.14
9.0.15
9.0.16
9.0.17
9.0.18
9.0.19
9.0.2
9.0.20
9.0.21
9.0.22
9.0.23
9.0.24
9.0.25
9.0.26
9.0.27
9.0.28
9.0.29
9.0.3
9.0.30
9.0.31
9.0.32
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.4
9.0.40
9.0.41
9.0.42
9.0.43
9.0.44
9.0.45
9.0.46
9.0.47
9.0.48
9.0.49
9.0.5
9.0.50
9.0.51
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.57
9.0.58
9.0.59
9.0.6
9.0.60
9.0.61
9.0.62
9.0.63
9.0.64
9.0.65
9.0.66
9.0.67
9.0.68
9.0.69
9.0.7
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.77
9.0.78
9.0.79
9.0.8
9.0.80
9.0.81
9.0.82
9.0.83
9.0.84
9.0.85
9.0.86
9.0.87
9.0.88
9.0.89
9.0.9
9.0.90
9.0.91
9.0.92
9.0.93
9.0.94
9.0.95
9.0.96
9.0.97
9.0.98
9.0.99
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12615.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
}
]