Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-12615

KEV · Ransomware EPSS 94.20% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-12615

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Tomcat 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Tomcat是美国阿帕奇(Apache)软件基金会下属的Jakarta项目的一款轻量级Web应用服务器,它主要用于开发和调试JSP程序,适用于中小型系统。 Apache Tomcat 7.0.0版本至7.0.79版本存在远程代码执行漏洞。当上述版本的Tomcat启用HTTP PUT请求方法时,远程攻击者可以构造恶意请求利用该漏洞向服务器上传包含任意代码执行的jsp文件,并被服务器执行该文件,导致攻击者可以执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache Tomcat 7.0.0 to 7.0.79 -

II. Public POCs for CVE-2017-12615

#POC DescriptionSource LinkShenlong Link
1POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.https://github.com/breaktoprotect/CVE-2017-12615POC Details
2just a python script for cve-2017-12615https://github.com/mefulton/cve-2017-12615POC Details
3CVE-2017-12617 and CVE-2017-12615 for tomcat serverhttps://github.com/zi0Black/POC-CVE-2017-12615-or-CVE-2017-12717POC Details
4tomcat-put-cve-2017-12615https://github.com/wsg00d/cve-2017-12615POC Details
5Tomcat 远程代码执行漏洞 Exploithttps://github.com/BeyondCy/CVE-2017-12615POC Details
6CVE-2017-12615 Tomcat RCE (TESTED)https://github.com/1337g/CVE-2017-12615POC Details
7tomcat7.x远程命令执行https://github.com/Shellkeys/CVE-2017-12615POC Details
8cve-2017-12615https://github.com/cved-sources/cve-2017-12615POC Details
9CVE-2017-12615 批量脚本https://github.com/ianxtianxt/CVE-2017-12615POC Details
10Nonehttps://github.com/cyberharsh/Tomcat-CVE-2017-12615POC Details
11CVE-2017-12615 任意文件写入exp,写入webshellhttps://github.com/w0x68y/CVE-2017-12615-EXPPOC Details
12Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆破、CVE-2020-1938 Tomcat AJP文件读取/包含https://github.com/tpt11fb/AttackTomcatPOC Details
13Tomcat PUT方法任意文件写入(CVE-2017-12615)exphttps://github.com/xiaokp7/Tomcat_PUT_GUI_EXPPOC Details
14Nonehttps://github.com/K3ysTr0K3R/CVE-2017-12615-EXPLOITPOC Details
15最新tomcat漏洞扫描工具,支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615文件上传https://github.com/lizhianyuguangming/TomcatWeakPassCheckerPOC Details
16最新tomcat自动化漏洞扫描利用工具,支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含https://github.com/lizhianyuguangming/TomcatScanProPOC Details
17Nonehttps://github.com/wudidwo/CVE-2017-12615-pocPOC Details
18Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-12615.yamlPOC Details
19Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Tomcat%20PUT%E6%96%B9%E6%B3%95%E4%BB%BB%E6%84%8F%E5%86%99%E6%96%87%E4%BB%B6%E6%BC%8F%E6%B4%9E%20CVE-2017-12615.mdPOC Details
20Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Tomcat%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-12615.mdPOC Details
21https://github.com/vulhub/vulhub/blob/master/tomcat/CVE-2017-12615/README.mdPOC Details
22PoC environment and exploit for the Apache Tomcat on Windows Remote Code Execution Vulnerabilityhttps://github.com/edyekomu/CVE-2017-12615-PoCPOC Details
23Tomcat - PUT Methodhttps://github.com/Fa1c0n35/CVE-2017-12615POC Details
24CVE-2017-12615 Tomcat: Remote Code Execution via JSP Upload Home Lab for Red Teaming, Penetration Testinghttps://github.com/netw0rk7/CVE-2017-12615-Home-LabPOC Details
25Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Tomcat%20PUT%20%E6%96%B9%E6%B3%95%E4%BB%BB%E6%84%8F%E5%86%99%E6%96%87%E4%BB%B6%E6%BC%8F%E6%B4%9E%20CVE-2017-12615.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-12615

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Apache Tomcat
Same vendor: Apache Software Foundation

V. Comments for CVE-2017-12615

No comments yet

Leave a comment