QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-12615

Back to search

CVE-2017-12615

Published: Sep 19, 2017

Modified: Oct 21, 2025

PUBLISHED

Description

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

VendorProductVersions

Apache Software Foundation

Apache Tomcat

affected
7.0.0 to 7.0.79

References

RHSA-2017:3113
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3080
vendor-advisory
x_refsource_REDHAT
1039392
vdb-entry
x_refsource_SECTRACK
RHSA-2018:0465
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3114
vendor-advisory
x_refsource_REDHAT
100901
vdb-entry
x_refsource_BID
RHSA-2018:0466
vendor-advisory
x_refsource_REDHAT
42953
exploit
x_refsource_EXPLOIT-DB
RHSA-2017:3081
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now