PoC environment and exploit for the Apache Tomcat on Windows Remote Code Execution Vulnerability

# CVE 2017-12615 Apache Tomcat Windows RCE
## ⚠️Warning
> This is a proof of concept environment and exploit for known CVEs, strictly for learning and educational purposes.
> Do not use these scripts or techniques on systems you do not own or have explicit permission to test. Unauthorised access or exploitation of systems is illegal and unethical.
## 📃Description
This is a proof of concept environment and exploit for CVE 2017-12615.
The vulnerability arises in Tomcat when the following factors are present:
1. The servlet context is configured with `readonly=false`
2. `HTTP PUT` requests are allowed

An attacker can therefore upload a **JSP** file via a PUT request. Apache Tomcat will then execute the code in that file and render the response, which makes the server vulnerable to **remote code execution (RCE)**.
## ✏️Usage
### Setting up the environment
1. Install and set up [Docker](https://www.docker.com/get-started/)
2. Run the following commands
```
docker compose build
docker compose up -d
```
### Using the exploit
1. Install requirements
```
pip install -r requirements.txt
```
2. Run the exploit
```
python CVE-2017-12615.py [TARGETIP:PORT]
```
If the exploit was successful, you may check if your file was uploaded by going to the target address at http://target-host/test.jsp or using `curl http://target-host:port/test.jsp`
### Additional Flags
You may choose to upload your own file by specifying the file location as such:
```
python CVE-2017-12615.py [TARGETIP:PORT] -f [file_path]
```
```
[4.0K] /data/pocs/b99449e4e71fbdd082e25c8e3dcab6815530dc9b
├── [1.0K] CVE-2017-12615.py
├── [ 63] docker-compose.yml
├── [ 81] Dockerfile
├── [1.5K] README.md
├── [ 186] requirements.txt
└── [ 544] web.xml
0 directories, 6 files
```