NVD: CVE-2017-12615
Published: Sep 19, 2017 - 1:29 p.m. (2017-09-19 13:29:00)
CWE-434
Source: web.nvd.nist.gov

CVSS2: 6.8
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.1
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8 (Confidence: High)
EPSS: 0.972 (Percentile: 99.8%)

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUT requests enabled (e.g. by setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. That JSP could then be requested, and any code it contained would be executed by the server.

Affected configurations (NVD)

Node 1 (all of):
  apache tomcat, versions 7.0.0 through 7.0.79
  AND
  microsoft windows, version: -

Node 2 (any of):
  netapp 7-mode_transition_tool, version: -
  netapp oncommand_balance, version: -
  netapp oncommand_shift, version: -

Node 3 (any of):
  redhat enterprise_linux_server_update_services_for_sap_solutions, versions 7.4, 7.6, 7.7
  redhat jboss_enterprise_web_server, versions 2.0.0, 3.0.0
  redhat jboss_enterprise_web_server_text-only_advisories, version: -
  redhat enterprise_linux_desktop, versions 6.0, 7.0
  redhat enterprise_linux_eus, versions 7.4, 7.5, 7.6, 7.7
  redhat enterprise_linux_eus_compute_node, versions 7.4, 7.5, 7.6, 7.7
  redhat enterprise_linux_for_ibm_z_systems, version 7.0_s390x
  redhat enterprise_linux_for_ibm_z_systems_eus, versions 7.4_s390x, 7.5_s390x, 7.6_s390x, 7.7_s390x
  redhat enterprise_linux_for_power_big_endian, version 7.0_ppc64
  redhat enterprise_linux_for_power_big_endian_eus, versions 7.4_ppc64, 7.5_ppc64, 7.6_ppc64, 7.7_ppc64
  redhat enterprise_linux_for_power_little_endian, version 7.0_ppc64le
  redhat enterprise_linux_for_power_little_endian_eus, versions 7.4_ppc64le, 7.5_ppc64le, 7.6_ppc64le, 7.7_ppc64le
  redhat enterprise_linux_for_scientific_computing, version 7.0
  redhat enterprise_linux_server, versions 6.0, 7.0
  redhat enterprise_linux_server_aus, versions 7.4, 7.6, 7.7
  redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, versions 7.4_ppc64le, 7.6_ppc64le, 7.7_ppc64le, 9.2_ppc64le
  redhat enterprise_linux_server_tus, versions 7.4, 7.6, 7.7
  redhat enterprise_linux_workstation, versions 6.0, 7.0

CPE entries (first 10 of 511 shown):

Vendor     Product                                                      Version  CPE
apache     tomcat                                                       *        cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
microsoft  windows                                                      -        cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
netapp     7-mode_transition_tool                                       -        cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
netapp     oncommand_balance                                            -        cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
netapp     oncommand_shift                                              -        cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
redhat     enterprise_linux_server_update_services_for_sap_solutions    7.4      cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
redhat     enterprise_linux_server_update_services_for_sap_solutions    7.6      cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
redhat     enterprise_linux_server_update_services_for_sap_solutions    7.7      cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
redhat     jboss_enterprise_web_server                                  2.0.0    cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
redhat     jboss_enterprise_web_server                                  3.0.0    cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*
