RH:CVE-2017-12617 (CVE-2017-12617)
Source: redhat.com (access.redhat.com)
Published: Jul 03, 2021 - 11:30 p.m. (2021-07-03 23:30:26)
Tags: tomcat, vulnerability, code execution, jsp file, servlet context

EPSS: 0.974
Percentile: 100.0%

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.

Mitigation

Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.

Block HTTP methods that permit resource modification for untrusted users.
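As an added check for the mitigation above (example code, not part of the Red Hat advisory), the following Python snippet parses a Tomcat web.xml, flags a DefaultServlet or WebdavServlet configured with readonly=false, and reports which resource-modifying HTTP methods no security-constraint restricts. The web.xml content is constructed for the example; the servlet class names are Tomcat's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the advisory): a DefaultServlet with the
# weak setting readonly=false and no security-constraint on modifying methods.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
# The same file with the mitigation applied (readonly=true, the Tomcat default).
SAFE_WEB_XML = WEAK_WEB_XML.replace("<param-value>false", "<param-value>true")

WATCHED = ("org.apache.catalina.servlets.DefaultServlet",
           "org.apache.catalina.servlets.WebdavServlet")
MODIFYING = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

def _local(tag):
    """Drop the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def _text(el):
    return (el.text or "").strip()

def audit_web_xml(xml_text):
    """Return findings relevant to CVE-2017-12617 (empty list means none)."""
    root = ET.fromstring(xml_text)
    # HTTP methods already restricted by some security-constraint.
    constrained = {_text(m).upper() for sc in root.iter() if _local(sc.tag) == "security-constraint"
                   for m in sc.iter() if _local(m.tag) == "http-method"}
    findings = []
    for servlet in (e for e in root.iter() if _local(e.tag) == "servlet"):
        name = cls = ""
        params = {}
        for child in servlet:
            t = _local(child.tag)
            if t == "servlet-name":
                name = _text(child)
            elif t == "servlet-class":
                cls = _text(child)
            elif t == "init-param":
                kv = {_local(p.tag): _text(p) for p in child}
                params[kv.get("param-name", "")] = kv.get("param-value", "")
        # readonly defaults to true; only an explicit "false" enables writes via PUT/DELETE.
        if cls in WATCHED and params.get("readonly", "true").lower() == "false":
            findings.append(f"{name}: {cls.rsplit('.', 1)[-1]} has readonly=false")
    if findings and (missing := sorted(MODIFYING - constrained)):
        findings.append("no security-constraint blocks: " + ", ".join(missing))
    return findings
```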