CVE-2017-12617
- Source
- https://cve.org/CVERecord?id=CVE-2017-12617
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12617.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-12617
- Aliases
- Downstream
- Related
- Published
- 2017-10-04T01:29:02.120Z
- Modified
- 2026-03-15T22:23:45.126473Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617
- https://access.redhat.com/errata/RHSA-2017:3113
- https://access.redhat.com/errata/RHSA-2018:2939
- https://access.redhat.com/errata/RHSA-2017:3114
- https://access.redhat.com/errata/RHSA-2018:0268
- http://www.securitytracker.com/id/1039552
- https://access.redhat.com/errata/RHSA-2018:0269
- https://access.redhat.com/errata/RHSA-2018:0270
- https://access.redhat.com/errata/RHSA-2018:0465
- https://support.f5.com/csp/article/K53173544
- https://access.redhat.com/errata/RHSA-2017:3081
- https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html
- https://security.netapp.com/advisory/ntap-20180117-0002/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
- https://usn.ubuntu.com/3665-1/
- https://access.redhat.com/errata/RHSA-2018:0466
- https://access.redhat.com/errata/RHSA-2017:3080
- https://access.redhat.com/errata/RHSA-2018:0271
- http://www.securityfocus.com/bid/100954
- https://access.redhat.com/errata/RHSA-2018:0275
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us
- https://security.netapp.com/advisory/ntap-20171018-0002/
- https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://www.exploit-db.com/exploits/42966/
- https://www.exploit-db.com/exploits/43008/
Affected packages
Git / github.com/apache/tomcat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.0.0" }, { "fixed": "7.0.82" }, { "introduced": "8.5.0" }, { "fixed": "8.5.23" }, { "introduced": "9.0.0" }, { "fixed": "9.0.1" }, { "introduced": "0" }, { "last_affected": "10.0.1" }, { "introduced": "0" }, { "last_affected": "10.0.1" }, { "introduced": "0" }, { "last_affected": "7.0.6" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0_ppc64" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.0" } ] }
- Type
- GIT
- Repo
- https://github.com/libfuse/libfuse
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.2.0" }, { "introduced": "0" }, { "last_affected": "2.9.5" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "3.0.0" } ] }
Affected versions
Other
before_interruptible
debian_version_0_95-1
debian_version_1_0-1
fuse_0_9
fuse_0_95
fuse_1_1
fuse_1_1_pre2
fuse_1_9
fuse_2_2
fuse_2_2_pre1
fuse_2_2_pre4
fuse_2_2_pre5
fuse_2_2_pre6
fuse_2_3_0
fuse_2_3_pre1
fuse_2_3_pre2
fuse_2_3_pre3
fuse_2_3_pre4
fuse_2_3_pre5
fuse_2_3_pre6
fuse_2_3_pre7
fuse_2_3_rc1
fuse_2_4_0
fuse_2_4_0_pre2
fuse_2_4_0_rc1
fuse_2_4_1
fuse_2_5_0
fuse_2_5_0_pre1
fuse_2_5_0_pre2
fuse_2_6_0
fuse_2_6_0_pre1
fuse_2_6_0_pre2
fuse_2_6_0_pre3
fuse_2_6_0_rc1
fuse_2_6_0_rc2
fuse_2_6_0_rc3
fuse_2_6_1
fuse_2_7_0
fuse_2_7_0_rc1
fuse_2_7_1
fuse_2_7_2
fuse_2_7_2_before_indent
fuse_2_8_0
fuse_2_8_0_pre2
fuse_2_8_1
fuse_2_8_2
fuse_2_8_3
fuse_2_8_4
fuse_2_8_start
fuse_2_9_0
fuse_2_9_1
fuse_2_9_2
fuse_2_9_3
fuse_2_9_4
fuse_2_9_5
fuse_2_9_start
fuse_3_0_start
start
fuse-3.*
fuse-3.0.0
fuse-3.0.0pre0
fuse-3.0.0rc1
fuse-3.0.0rc2
fuse-3.0.0rc3
fuse-3.0.1
fuse-3.0.2
fuse-3.1.0
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "8.0"
},
{
"fixed": "8.0.47"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.1.0.4.0"
}
]
},
{
"events": [
{
"introduced": "7.3.3.0.0"
},
{
"last_affected": "7.3.5.3.0"
}
]
},
{
"events": [
{
"introduced": "8.0.0.0.0"
},
{
"last_affected": "8.0.9.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.1.0.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.8.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.3.6.3293"
}
]
},
{
"events": [
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.4.4226"
}
]
},
{
"events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0.5135"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.1.132"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.124"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.4.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.0.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.0.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.1.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.1.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.1.3.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.1.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.0.1"
}
]
},
{
"events": [
{
"introduced": "7.3"
}
]
},
{
"events": [
{
"introduced": "9.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_ppc64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12617.json"