|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-03 | |
| Rule Name: | Apache Tomcat HTTP PUT Windows Remote Code Execution Vulnerability (CVE-2017-12615) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | When running Apache Tomcat 7.0.0 to 7.0.81 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:100901 SecurityFocusBID:100901 ExploitDB:42953 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E |