CVE-2017-12615 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Apache Tomcat affects v. 7.0.0 to 7.0.79.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2017-12615 Scanner Detail
Apache Tomcat (sometimes referred to simply as Tomcat) is a popular Java-based web server and servlet container that is used for serving dynamic webpages and web applications. It is a free and open-source software, providing a flexible and scalable environment for deploying Java web applications. Apache Tomcat provides various features like authentication, access control, virtual hosting, and many more, making it a popular choice among web developers and businesses.
One critical vulnerability that was detected in Apache Tomcat is the CVE-2017-12615 vulnerability. This vulnerability arises when a specially crafted HTTP PUT request is sent to the server with readonly initialization parameters of the default set to false. This can allow an attacker to upload a JSP file to the server that, when executed, can run malicious code on the server.
If exploited, this vulnerability can lead to significant security implications, including data theft, server takeover, and unauthorized access to sensitive information. Additionally, in some cases, the vulnerability could lead to a complete server compromise, leading to a significant impact on business productivity and financial loss.
At SecurityForEveryone.com, we offer a comprehensive platform that allows users to scan their digital assets for vulnerabilities like CVE-2017-12615 quickly and easily. Our pro features provide advanced security testing capabilities and detailed reports to help businesses stay safe and secure. Don't risk your digital assets to vulnerabilities - sign up for SecurityForEveryone.com today.
REFERENCES
- access.redhat.com: RHSA-2017:3113
- access.redhat.com: RHSA-2017:3080
- securitytracker.com: 1039392
- lists.apache.org: [announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload
- https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
- access.redhat.com: RHSA-2018:0465
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
- access.redhat.com: RHSA-2017:3114
- securityfocus.com: 100901
- access.redhat.com: RHSA-2018:0466
- exploit-db.com: 42953
- https://security.netapp.com/advisory/ntap-20171018-0001/
- https://github.com/breaktoprotect/CVE-2017-12615
- access.redhat.com: RHSA-2017:3081
- lists.apache.org: [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
- lists.apache.org: [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
- lists.apache.org: [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
- lists.apache.org: [announce] 20200131 Apache Software Foundation Security Report: 2019
- lists.apache.org: [tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
control security posture