CVE-2017-12617

🗓️ 03 Oct 2017 15:00:00Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 1552 Views

CVE-2017-12617 Apache Tomcat versions 7.0.0 to 9.0.0 allows JSP upload and execution

Reporter	Title	Published	Views	Family All 227
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat	16 May 202116:14	–	gitee
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat	27 Apr 202114:33	–	gitee
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat	6 Jul 202503:24	–	gitee
Gitee	Exploit for Argument Injection in Phpmailer_Project Phpmailer	5 Dec 201914:28	–	gitee
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat	22 Oct 202115:45	–	gitee
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM Rational License Key Server Administration and Reporting Tool	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade	17 Jun 201805:24	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Message Broker and IBM Integration Bus is affected by Open Source Apache Tomcat Vulnerabilities (CVE-2017-12617,CVE-2017-12615)	23 Mar 202020:41	–	ibm

NVD

Vulners

Node

apache tomcatRange7.0.0–7.0.82

apache tomcatRange8.0–8.0.47

apache tomcatRange8.5.0–8.5.23

apache tomcatRange9.0.0–9.0.1

Node

canonical ubuntu_linuxMatch12.04esm

canonical ubuntu_linuxMatch16.04esm

canonical ubuntu_linuxMatch17.10

canonical ubuntu_linuxMatch18.04esm

Node

oracle agile_plmMatch9.3.3

oracle agile_plmMatch9.3.4

oracle agile_plmMatch9.3.5

oracle agile_plmMatch9.3.6

oracle communications_instant_messaging_serverMatch10.0.1

oracle endeca_information_discovery_integratorMatch3.1.0

oracle endeca_information_discovery_integratorMatch3.2.0

oracle enterprise_manager_for_mysql_databaseMatch12.1.0.4.0

oracle financial_services_analytical_applications_infrastructureRange7.3.3.0.0–7.3.5.3.0

oracle financial_services_analytical_applications_infrastructureRange8.0.0.0.0–8.0.9.0.0

oracle fmw_platformMatch12.2.1.2.0

oracle fmw_platformMatch12.2.1.3.0

oracle health_sciences_empirica_inspectionsMatch1.0.1.1

oracle hospitality_guest_accessMatch4.2.0

oracle hospitality_guest_accessMatch4.2.1

oracle instantis_enterprisetrackMatch17.1

oracle instantis_enterprisetrackMatch17.2

oracle management_packMatch11.2.1.0.13goldengate

oracle micros_lucasMatch2.9.5

oracle micros_retail_xbri_loss_preventionMatch10.0.1

oracle micros_retail_xbri_loss_preventionMatch10.5.0

oracle micros_retail_xbri_loss_preventionMatch10.6.0

oracle micros_retail_xbri_loss_preventionMatch10.7.0

oracle micros_retail_xbri_loss_preventionMatch10.8.0

oracle micros_retail_xbri_loss_preventionMatch10.8.1

oracle mysql_enterprise_monitorRange≤3.3.6.3293

oracle mysql_enterprise_monitorRange3.4.0–3.4.4.4226

oracle mysql_enterprise_monitorRange4.0.0–4.0.0.5135

oracle retail_advanced_inventory_planningMatch13.2

oracle retail_advanced_inventory_planningMatch13.4

oracle retail_advanced_inventory_planningMatch14.1

oracle retail_advanced_inventory_planningMatch15.0

oracle retail_back_officeMatch14.0.4

oracle retail_back_officeMatch14.1.3

oracle retail_central_officeMatch14.0.4

oracle retail_central_officeMatch14.1.3

oracle retail_convenience_and_fuel_pos_softwareMatch2.1.132

oracle retail_eftlinkMatch1.1.124

oracle retail_eftlinkMatch15.0.1

oracle retail_eftlinkMatch16.0.2

oracle retail_insightsMatch14.0

oracle retail_insightsMatch14.1

oracle retail_insightsMatch15.0

oracle retail_insightsMatch16.0

oracle retail_invoice_matchingMatch12.0

oracle retail_invoice_matchingMatch13.0

oracle retail_invoice_matchingMatch13.1

oracle retail_invoice_matchingMatch13.2

oracle retail_invoice_matchingMatch14.0

oracle retail_invoice_matchingMatch14.1

oracle retail_invoice_matchingMatch15.0

oracle retail_invoice_matchingMatch16.0

oracle retail_order_brokerMatch5.0

oracle retail_order_brokerMatch5.1

oracle retail_order_brokerMatch5.2

oracle retail_order_brokerMatch15.0

oracle retail_order_brokerMatch16.0

oracle retail_order_management_systemMatch4.0

oracle retail_order_management_systemMatch4.5

oracle retail_order_management_systemMatch4.7

oracle retail_order_management_systemMatch5.0

oracle retail_point-of-serviceMatch14.0.4

oracle retail_point-of-serviceMatch14.1.3

oracle retail_price_managementMatch12.0

oracle retail_price_managementMatch13.0

oracle retail_price_managementMatch13.1

oracle retail_price_managementMatch13.2

oracle retail_price_managementMatch14.0

oracle retail_price_managementMatch14.1

oracle retail_price_managementMatch15.0

oracle retail_price_managementMatch16.0

oracle retail_returns_managementMatch2.3.8

oracle retail_returns_managementMatch2.4.9

oracle retail_returns_managementMatch14.0.4

oracle retail_returns_managementMatch14.1.3

oracle retail_store_inventory_managementMatch12.0.12

oracle retail_store_inventory_managementMatch13.0.7

oracle retail_store_inventory_managementMatch13.1.9

oracle retail_store_inventory_managementMatch13.2.9

oracle retail_store_inventory_managementMatch14.0.4

oracle retail_store_inventory_managementMatch14.1.3

oracle retail_store_inventory_managementMatch15.0.2

oracle retail_store_inventory_managementMatch16.0.1

oracle retail_xstore_point_of_serviceMatch6.0.11

oracle retail_xstore_point_of_serviceMatch7.0.6

oracle retail_xstore_point_of_serviceMatch7.1.6

oracle retail_xstore_point_of_serviceMatch15.0.1

oracle transportation_managementMatch6.3.1

oracle transportation_managementMatch6.3.2

oracle transportation_managementMatch6.3.3

oracle transportation_managementMatch6.3.4

oracle transportation_managementMatch6.3.5

oracle transportation_managementMatch6.3.6

oracle transportation_managementMatch6.3.7

oracle tuxedo_system_and_applications_monitorMatch12.1.3.0.0

oracle webcenter_sitesMatch11.1.1.8.0

oracle workload_managerMatch12.2.0.1

Node

debian debian_linuxMatch7.0

Node

netapp active_iq_unified_managerRange7.3≥windows

netapp active_iq_unified_managerRange9.5≥vmware_vsphere

netapp oncommand_balanceMatch-

netapp oncommand_insightMatch-

netapp oncommand_shiftMatch-

netapp oncommand_workflow_automationMatch-

netapp snapcenterMatch-

netapp elementMatch-vcenter_server

Node

redhat fuseMatch1.0

redhat jboss_enterprise_application_platformMatch6.0.0

redhat jboss_enterprise_application_platformMatch6.4.0

redhat jboss_enterprise_web_serverMatch2.0.0

redhat jboss_enterprise_web_serverMatch3.0.0

redhat jboss_enterprise_web_server_text-only_advisoriesMatch-

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.4

redhat enterprise_linux_eusMatch7.5

redhat enterprise_linux_eusMatch7.6

redhat enterprise_linux_eusMatch7.7

redhat enterprise_linux_eus_compute_nodeMatch7.4

redhat enterprise_linux_eus_compute_nodeMatch7.5

redhat enterprise_linux_eus_compute_nodeMatch7.6

redhat enterprise_linux_eus_compute_nodeMatch7.7

redhat enterprise_linux_for_ibm_z_systemsMatch6.0_s390x

redhat enterprise_linux_for_ibm_z_systemsMatch7.0_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.4_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.5_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.6_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.7_s390x

redhat enterprise_linux_for_power_big_endianMatch6.0_ppc64

redhat enterprise_linux_for_power_big_endianMatch7.0_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.4_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.5_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.6_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.7_ppc64

redhat enterprise_linux_for_power_little_endianMatch7.0

redhat enterprise_linux_for_power_little_endian_eusMatch7.4_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.5_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.6_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.7_ppc64le

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.4

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_tusMatch7.4

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.M1 to 9.0.0"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.22"
      },
      {
        "status": "affected",
        "version": "8.0.0.RC1 to 8.0.46"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.81"
      }
    ]
  }
]

Source	Link
support	www.support.hpe.com/hpsc/doc/public/display
access	www.access.redhat.com/errata/RHSA-2017:3114
lists	www.lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2018:0269
access	www.access.redhat.com/errata/RHSA-2018:0271
oracle	www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
oracle	www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
oracle	www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
access	www.access.redhat.com/errata/RHSA-2018:0465
exploit-db	www.exploit-db.com/exploits/43008/

21 Apr 2026 17:03Current

7.5High risk

Vulners AI Score7.5

CVSS 26.8

CVSS 3.18.1

EPSS0.9438

SSVC