CVE-2017-12617

Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS Metrics

• v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
• v3.0•HIGH•Score: 8.1CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
• v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 94.38%• Percentile: 100%

Techniques & Countermeasures

• CWE-434•Unrestricted Upload of File with Dangerous Type

  The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Affected Systems

• apache software foundation•apache tomcat

  9.0.0.M1 to 9.0.0 | 8.5.0 to 8.5.22 | 8.0.0.RC1 to 8.0.46 | 7.0.0 to 7.0.81

• Unknown•Tomcat

  ≥ 7.0.0, < 7.0.82 | ≥ 8.0, < 8.0.47 | ≥ 8.5.0, < 8.5.23 | ≥ 9.0.0, < 9.0.1

• canonical•ubuntu_linux

  12.04 | 16.04 | 17.10 | 18.04

• debian•debian_linux

  7.0

• org.apache.tomcat•tomcat-catalina

  ≥ 9.0.0.M1, < 9.0.1 | ≥ 8.5.0, < 8.5.23 | ≥ 8.0.0-RC1, < 8.0.47 | ≥ 7.0.0, < 7.0.82

• org.apache.tomcat.embed•tomcat-embed-core

  ≥ 9.0.0.M1, < 9.0.1 | ≥ 8.5.0, < 8.5.23 | ≥ 8.0.0-RC1, < 8.0.47 | ≥ 7.0.0, < 7.0.82

• netapp•active_iq_unified_manager

  ≥ 7.3 | ≥ 9.5

• netapp•element

  na

• netapp•oncommand_balance

  na

• netapp•oncommand_insight

  na

• netapp•oncommand_shift

  na

• netapp•oncommand_workflow_automation

  na

• netapp•snapcenter

  na

• oracle•agile_plm

  9.3.3 | 9.3.4 | 9.3.5 | 9.3.6

• oracle•communications_instant_messaging_server

  10.0.1

• oracle•endeca_information_discovery_integrator

  3.1.0 | 3.2.0

• oracle•enterprise_manager_for_mysql_database

  12.1.0.4.0

• oracle•financial_services_analytical_applications_infrastructure

  ≥ 7.3.3.0.0, ≤ 7.3.5.3.0 | ≥ 8.0.0.0.0, ≤ 8.0.9.0.0

• oracle•fmw_platform

  12.2.1.2.0 | 12.2.1.3.0

• oracle•health_sciences_empirica_inspections

  1.0.1.1

• oracle•hospitality_guest_access

  4.2.0 | 4.2.1

• oracle•instantis_enterprisetrack

  17.1 | 17.2

• oracle•management_pack

  11.2.1.0.13

• oracle•micros_lucas

  2.9.5

• oracle•micros_retail_xbri_loss_prevention

  10.0.1 | 10.5.0 | 10.6.0 | 10.7.0 | 10.8.0 | 10.8.1

• oracle•mysql_enterprise_monitor

  ≤ 3.3.6.3293 | ≥ 3.4.0, ≤ 3.4.4.4226 | ≥ 4.0.0, ≤ 4.0.0.5135

• oracle•retail_advanced_inventory_planning

  13.2 | 13.4 | 14.1 | 15.0

• oracle•retail_back_office

  14.0.4 | 14.1.3

• oracle•retail_central_office

  14.0.4 | 14.1.3

• oracle•retail_convenience_and_fuel_pos_software

  2.1.132

• oracle•retail_eftlink

  1.1.124 | 15.0.1 | 16.0.2

• oracle•retail_insights

  14.0 | 14.1 | 15.0 | 16.0

• oracle•retail_invoice_matching

  12.0 | 13.0 | 13.1 | 13.2 | 14.0 | 14.1 | 15.0 | 16.0

• oracle•retail_order_broker

  5.0 | 5.1 | 5.2 | 15.0 | 16.0

• oracle•retail_order_management_system

  4.0 | 4.5 | 4.7 | 5.0

• oracle•retail_point-of-service

  14.0.4 | 14.1.3

• oracle•retail_price_management

  12.0 | 13.0 | 13.1 | 13.2 | 14.0 | 14.1 | 15.0 | 16.0

• oracle•retail_returns_management

  2.3.8 | 2.4.9 | 14.0.4 | 14.1.3

• oracle•retail_store_inventory_management

  12.0.12 | 13.0.7 | 13.1.9 | 13.2.9 | 14.0.4 | 14.1.3 | 15.0.2 | 16.0.1

• oracle•retail_xstore_point_of_service

  6.0.11 | 7.0.6 | 7.1.6 | 15.0.1

• oracle•transportation_management

  6.3.1 | 6.3.2 | 6.3.3 | 6.3.4 | 6.3.5 | 6.3.6 | 6.3.7

• oracle•tuxedo_system_and_applications_monitor

  12.1.3.0.0

• oracle•webcenter_sites

  11.1.1.8.0

• oracle•workload_manager

  12.2.0.1

• redhat•enterprise_linux_desktop

  6.0 | 7.0

• redhat•enterprise_linux_eus

  7.4 | 7.5 | 7.6 | 7.7

• redhat•enterprise_linux_eus_compute_node

  7.4 | 7.5 | 7.6 | 7.7

• redhat•enterprise_linux_for_ibm_z_systems

  6.0_s390x | 7.0_s390x

• redhat•enterprise_linux_for_ibm_z_systems_eus

  7.4_s390x | 7.5_s390x | 7.6_s390x | 7.7_s390x

• redhat•enterprise_linux_for_power_big_endian

  6.0_ppc64 | 7.0_ppc64

Showing first 50 affected entries in server-rendered view.

References (89)

• https://access.redhat.com/errata/RHSA-2017:3113
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://access.redhat.com/errata/RHSA-2017:3080
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
• https://access.redhat.com/errata/RHSA-2018:0269
• https://www.exploit-db.com/exploits/42966/
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us
• https://access.redhat.com/errata/RHSA-2018:0270
• https://access.redhat.com/errata/RHSA-2018:0271
• https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html
• https://access.redhat.com/errata/RHSA-2018:2939
• https://access.redhat.com/errata/RHSA-2018:0465
• https://usn.ubuntu.com/3665-1/
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://access.redhat.com/errata/RHSA-2018:0268
• https://access.redhat.com/errata/RHSA-2017:3114
• https://www.exploit-db.com/exploits/43008/
• http://www.securitytracker.com/id/1039552
• http://www.securityfocus.com/bid/100954
• https://access.redhat.com/errata/RHSA-2018:0275
• https://access.redhat.com/errata/RHSA-2018:0466
• https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E
• https://security.netapp.com/advisory/ntap-20171018-0002/
• https://security.netapp.com/advisory/ntap-20180117-0002/
• https://access.redhat.com/errata/RHSA-2017:3081
• https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
• https://support.f5.com/csp/article/K53173544
• https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617
• https://nvd.nist.gov/vuln/detail/CVE-2017-12617
• https://github.com/apache/tomcat/commit/a9dd96046d7acb0357c6b7b9e6cc70d186fae663
• https://github.com/apache/tomcat/commit/74ad0e216c791454a318c1811300469eedc5c6f3
• https://github.com/apache/tomcat/commit/512a3c3aecdb52de092c6bacddd71b85c4feda06
• https://github.com/apache/tomcat/commit/506d862e7edfa991de198e0f2e4c4540830fa531
• https://github.com/apache/tomcat/commit/4cf7dab88282c8f3c92f0b961cdb0096e1d63e88
• https://github.com/apache/tomcat/commit/46dfedbc0523d7182be97f4244d7b6c942164485
• https://github.com/apache/tomcat/commit/327e8a6644e188764325a013aa2725a60f1b37e5
• https://github.com/apache/tomcat/commit/31e99502e2c602449a2f8835bd23ade772b77333
• https://github.com/apache/tomcat/commit/24aea94807f940ee44aa550378dc903289039ddd
• https://github.com/apache/tomcat/commit/b577f9a7996b92b650b1649af3c3bae11c120db9
• https://github.com/apache/tomcat/commit/b7e0435d17aba69f16ae9e8a78ad0f1565b552af
• https://github.com/apache/tomcat/commit/bbcbb749c75056a2781f37038d63e646fe972104
• https://github.com/apache/tomcat/commit/c177e9668d1278710bdb14c0eb8d2702b3655f5a
• https://github.com/apache/tomcat/commit/cf0b37beb0622abdf24acc7110daf883f3fe4f95
• https://github.com/apache/tomcat/commit/d5b170705d24c386d76038e5989045c89795c28c
• https://github.com/apache/tomcat/commit/e650cf1b83e441dbd3863f3f6b61c972cafce19e
• https://github.com/apache/tomcat/commit/f1b85da754c4760787d68a99e839b50878140b57
• https://github.com/apache/tomcat/commit/fd52f8601170b91f9d7162510e54563e5bf6bdfe
• https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
• https://security.netapp.com/advisory/ntap-20171018-0002
• https://security.netapp.com/advisory/ntap-20180117-0002
• https://usn.ubuntu.com/3665-1
• https://web.archive.org/web/20171110171954/http://www.securityfocus.com/bid/100954
• https://web.archive.org/web/20201209024734/http://www.securitytracker.com/id/1039552
• https://www.exploit-db.com/exploits/42966
• https://www.exploit-db.com/exploits/43008
• https://github.com/apache/tomcat
• https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E