[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-UBUNTU-CVE-2017-12617":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":61,"epss":9,"epss_history":62,"metrics":63,"affected":72},"UBUNTU-CVE-2017-12617","When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",null,[],[],[],[14],{"_key":15},"CVE-2017-12617",[17,19],{"_key":18},"USN-3665-1",{"_key":20},"USN-7282-1",[],[23,24],{"_key":18},{"_key":20},"2017-10-03T00:00:00Z","2026-02-04T02:47:04.052948Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30,36,40,44,49,53,57],{"url":31,"sources":32,"tags":34},"https://ubuntu.com/security/CVE-2017-12617",[33],"osv_ubuntu",[35],"REPORT",{"url":37,"sources":38,"tags":39},"https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html",[33],[35],{"url":41,"sources":42,"tags":43},"https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E",[33],[35],{"url":45,"sources":46,"tags":47},"https://ubuntu.com/security/notices/USN-3665-1",[33],[48],"Advisory",{"url":50,"sources":51,"tags":52},"https://www.cve.org/CVERecord?id=CVE-2017-12617",[33],[35],{"url":54,"sources":55,"tags":56},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog",[33],[35],{"url":58,"sources":59,"tags":60},"https://ubuntu.com/security/notices/USN-7282-1",[33],[48],[],[],[64],{"source":33,"cvss_v2_0":9,"cvss_v3_0":65,"cvss_v3_1":70,"cvss_v4_0":9},{"baseScore":66,"baseSeverity":9,"vectorString":67,"impactScore":68,"exploitabilityScore":69},8.1,"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",9.8,5.6,{"baseScore":66,"baseSeverity":9,"vectorString":71,"impactScore":68,"exploitabilityScore":69},"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[73,90],{"ecosystem":74,"name":75,"vendor":76,"product":75,"cpe_part":9,"purl_type":77,"purl_namespace":76,"purl_name":75,"source":9,"versions":78},"Ubuntu","tomcat7","ubuntu","deb",[79,85,88],{"version":80,"is_range":81,"range_type":82,"version_start":9,"version_start_type":9,"version_end":83,"version_end_type":84,"fixed_in":9},"lt7_0_52_1ubuntu0_14",true,"ecosystem","7.0.52-1ubuntu0.14","excluding",{"version":86,"is_range":81,"range_type":82,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":84,"fixed_in":9},"lt7_0_68_1ubuntu0_4+esm3","7.0.68-1ubuntu0.4+esm3",{"version":89,"is_range":81,"range_type":82,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":74,"name":91,"vendor":76,"product":91,"cpe_part":9,"purl_type":77,"purl_namespace":76,"purl_name":91,"source":9,"versions":92},"tomcat8",[93],{"version":94,"is_range":81,"range_type":82,"version_start":9,"version_start_type":9,"version_end":95,"version_end_type":84,"fixed_in":9},"lt8_0_32_1ubuntu1_6","8.0.32-1ubuntu1.6"]