CVE-2017-12617

CVE Database · CVE-2017-12617

CVE-2017-12617

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

99.99%

Published

Oct 3, 2017

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

Apply updates per vendor instructions.

Public PoC / Exploit (12)

All weaponized →

Exploit-DBTomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)Exploit-DBApache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCcyberheartmi9/CVE-2017-12617★399 GitHub PoCLongWayHomie/CVE-2017-12617★4 GitHub PoCygouzerh/CVE-2017-12617★2 GitHub PoCtyranteye666/tomcat-cve-2017-12617★1 GitHub PoCjptr218/tc_hack★1 GitHub PoCK3ysTr0K3R/CVE-2017-12617-EXPLOIT★1 GitHub PoCdevcoinfet/CVE-2017-12617★0 GitHub PoCqiantu88/CVE-2017-12617★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434CWE-434

Affected Products (157)

apache · tomcat (up to 7.0.82)vulnerable

apache · tomcat (up to 8.0.47)vulnerable

apache · tomcat (up to 8.5.23)vulnerable

apache · tomcat (up to 9.0.1)vulnerable

canonical · ubuntu_linuxvulnerable

oracle · agile_plmvulnerable

References (20)

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

PatchThird Party Advisory

http://www.securityfocus.com/bid/100954

Third Party AdvisoryVDB EntryBroken Link

http://www.securitytracker.com/id/1039552

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs

oracle · agile_plmvulnerable

oracle · communications_instant_messaging_servervulnerable

oracle · endeca_information_discovery_integratorvulnerable

oracle · enterprise_manager_for_mysql_databasevulnerable

oracle · financial_services_analytical_applications_infrastructurevulnerable

oracle · fmw_platformvulnerable

oracle · health_sciences_empirica_inspectionsvulnerable

oracle · hospitality_guest_accessvulnerable

oracle · instantis_enterprisetrackvulnerable

oracle · management_packvulnerable

oracle · micros_lucasvulnerable

oracle · micros_retail_xbri_loss_preventionvulnerable

oracle · mysql_enterprise_monitorvulnerable

oracle · retail_advanced_inventory_planningvulnerable

oracle · retail_back_officevulnerable

oracle · retail_central_officevulnerable

oracle · retail_convenience_and_fuel_pos_softwarevulnerable

oracle · retail_eftlinkvulnerable

oracle · retail_insightsvulnerable