| Rule General Information | |
|---|---|
| Release Date: | 2019-06-03 |
| Rule Name: | Apache Tomcat HTTP PUT Windows Remote Code Execution Vulnerability (CVE-2017-12615) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | When running Apache Tomcat 7.0.0 to 7.0.81 on Windows with HTTP PUTs enabled (e.g. by setting the `readonly` initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested, and any code it contained would be executed by the server. |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
| Reference: | SecurityFocusBID:100901, ExploitDB:42953 |

| Solutions |
|---|
| The vendors have released upgrade patches to fix the vulnerabilities; please visit: https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E |