CVE-2017-12615

🗓️ 19 Sep 2017 13:00:00Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 1510 Views

Apache Tomcat 7.x Windows HTTP PUT JSP execution vulnerabilit

Reporter	Title	Published	Views	Family All 132
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM Rational License Key Server Administration and Reporting Tool	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade	17 Jun 201805:24	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Message Broker and IBM Integration Bus is affected by Open Source Apache Tomcat Vulnerabilities (CVE-2017-12617,CVE-2017-12615)	23 Mar 202020:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.	15 Jun 201823:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)	17 Jun 201805:23	–	ibm
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat	7 Oct 202017:01	–	gitee
Gitee	Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform	8 Dec 202020:38	–	gitee

NVD

Vulners

Node

apache tomcatRange7.0.0–7.0.79

AND

microsoft windowsMatch-

Node

netapp 7-mode_transition_toolMatch-

netapp oncommand_balanceMatch-

netapp oncommand_shiftMatch-

Node

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.4

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.6

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.7

redhat jboss_enterprise_web_serverMatch2.0.0

redhat jboss_enterprise_web_serverMatch3.0.0

redhat jboss_enterprise_web_server_text-only_advisoriesMatch-

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.4

redhat enterprise_linux_eusMatch7.5

redhat enterprise_linux_eusMatch7.6

redhat enterprise_linux_eusMatch7.7

redhat enterprise_linux_eus_compute_nodeMatch7.4

redhat enterprise_linux_eus_compute_nodeMatch7.5

redhat enterprise_linux_eus_compute_nodeMatch7.6

redhat enterprise_linux_eus_compute_nodeMatch7.7

redhat enterprise_linux_for_ibm_z_systemsMatch7.0_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.4_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.5_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.6_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.7_s390x

redhat enterprise_linux_for_power_big_endianMatch7.0_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.4_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.5_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.6_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.7_ppc64

redhat enterprise_linux_for_power_little_endianMatch7.0_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.4_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.5_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.6_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.7_ppc64le

redhat enterprise_linux_for_scientific_computingMatch7.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.4

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch7.4_ppc64le

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch7.6_ppc64le

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch7.7_ppc64le

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch9.2_ppc64le

redhat enterprise_linux_server_tusMatch7.4

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.79"
      }
    ]
  }
]

Source	Link
breaktoprotect	www.breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
access	www.access.redhat.com/errata/RHSA-2017:3114
access	www.access.redhat.com/errata/RHSA-2018:0465
lists	www.lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2017:3080
lists	www.lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2018:0466
securityfocus	www.securityfocus.com/bid/100901
access	www.access.redhat.com/errata/RHSA-2017:3081
lists	www.lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

21 Apr 2026 17:04Current

7.4High risk

Vulners AI Score7.4

CVSS 26.8

CVSS 3.18.1

EPSS0.94231

SSVC