CVE-2017-12615

Known Exploited (CISA KEV)HIGH

8.1

CVSS Severity Score

EPSS Score82.4800%

EPSS Percentile93.94th

PublishedSep 19, 2017

Last ModifiedApr 21, 2026

Vulnerability Description

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Affected Platforms (CPE)

📦

Apache

Tomcat

>= 7.0.0 and <= 7.0.79

📦

Netapp

7 Mode Transition Tool

All versions

📦

Netapp

Oncommand Balance

All versions

📦

Netapp

Oncommand Shift

All versions

📦

Redhat

Enterprise Linux Server Update Services For Sap Solutions

= 7.4

📦

Redhat

Enterprise Linux Server Update Services For Sap Solutions

= 7.6

📦

Redhat

Enterprise Linux Server Update Services For Sap Solutions

= 7.7

📦

Redhat

Jboss Enterprise Web Server

= 2.0.0

📦

Redhat

Jboss Enterprise Web Server

= 3.0.0

📦

Redhat

Jboss Enterprise Web Server Text Only Advisories

All versions

💻

Redhat

Enterprise Linux Desktop

= 6.0

💻

Redhat

Enterprise Linux Desktop

= 7.0

💻

Redhat

Enterprise Linux Eus

= 7.4

💻

Redhat

Enterprise Linux Eus

= 7.5

💻

Redhat

Enterprise Linux Eus

= 7.6

💻

Redhat

Enterprise Linux Eus

= 7.7

💻

Redhat

Enterprise Linux Eus Compute Node

= 7.4

💻

Redhat

Enterprise Linux Eus Compute Node

= 7.5

💻

Redhat

Enterprise Linux Eus Compute Node

= 7.6

💻

Redhat

Enterprise Linux Eus Compute Node

= 7.7

💻

Redhat

Enterprise Linux For Ibm Z Systems

= 7.0_s390x

💻

Redhat

Enterprise Linux For Ibm Z Systems Eus

= 7.4_s390x

💻

Redhat

Enterprise Linux For Ibm Z Systems Eus

= 7.5_s390x

💻

Redhat

Enterprise Linux For Ibm Z Systems Eus

= 7.6_s390x

💻

Redhat

Enterprise Linux For Ibm Z Systems Eus

= 7.7_s390x

💻

Redhat

Enterprise Linux For Power Big Endian

= 7.0_ppc64

💻

Redhat

Enterprise Linux For Power Big Endian Eus

= 7.4_ppc64

💻

Redhat

Enterprise Linux For Power Big Endian Eus

= 7.5_ppc64

💻

Redhat

Enterprise Linux For Power Big Endian Eus

= 7.6_ppc64

💻

Redhat

Enterprise Linux For Power Big Endian Eus

= 7.7_ppc64

💻

Redhat

Enterprise Linux For Power Little Endian

= 7.0_ppc64le

💻

Redhat

Enterprise Linux For Power Little Endian Eus

= 7.4_ppc64le

💻

Redhat

Enterprise Linux For Power Little Endian Eus

= 7.5_ppc64le

💻

Redhat

Enterprise Linux For Power Little Endian Eus

= 7.6_ppc64le

💻

Redhat

Enterprise Linux For Power Little Endian Eus

= 7.7_ppc64le

💻

Redhat

Enterprise Linux For Scientific Computing

= 7.0

💻

Redhat

Enterprise Linux Server

= 6.0

💻

Redhat

Enterprise Linux Server

= 7.0

💻

Redhat

Enterprise Linux Server Aus

= 7.4

💻

Redhat

Enterprise Linux Server Aus

= 7.6

💻

Redhat

Enterprise Linux Server Aus

= 7.7

💻

Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

= 7.4_ppc64le

💻

Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

= 7.6_ppc64le

💻

Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

= 7.7_ppc64le

💻

Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

= 9.2_ppc64le

💻

Redhat

Enterprise Linux Server Tus

= 7.4

💻

Redhat

Enterprise Linux Server Tus

= 7.6

💻

Redhat

Enterprise Linux Server Tus

= 7.7

💻

Redhat

Enterprise Linux Workstation

= 6.0

💻

Redhat

Enterprise Linux Workstation

= 7.0

References & Advisories

🔗 http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html

🔗 http://www.securityfocus.com/bid/100901

🔗 http://www.securitytracker.com/id/1039392

🔗 https://access.redhat.com/errata/RHSA-2017:3080

🔗 https://access.redhat.com/errata/RHSA-2017:3081

🔗 https://access.redhat.com/errata/RHSA-2017:3113

🔗 https://access.redhat.com/errata/RHSA-2017:3114

🔗 https://access.redhat.com/errata/RHSA-2018:0465

Vulnerability Description

Affected Platforms (CPE)

Tomcat

7 Mode Transition Tool

Oncommand Balance

Oncommand Shift

Enterprise Linux Server Update Services For Sap Solutions

Enterprise Linux Server Update Services For Sap Solutions

Enterprise Linux Server Update Services For Sap Solutions

Jboss Enterprise Web Server

Jboss Enterprise Web Server

Jboss Enterprise Web Server Text Only Advisories

Enterprise Linux Desktop

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Eus

Enterprise Linux Eus

Enterprise Linux Eus

Enterprise Linux Eus Compute Node

Enterprise Linux Eus Compute Node

Enterprise Linux Eus Compute Node

Enterprise Linux Eus Compute Node

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Power Big Endian

Enterprise Linux For Power Big Endian Eus

Enterprise Linux For Power Big Endian Eus

Enterprise Linux For Power Big Endian Eus

Enterprise Linux For Power Big Endian Eus

Enterprise Linux For Power Little Endian

Enterprise Linux For Power Little Endian Eus

Enterprise Linux For Power Little Endian Eus

Enterprise Linux For Power Little Endian Eus

Enterprise Linux For Power Little Endian Eus

Enterprise Linux For Scientific Computing

Enterprise Linux Server

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Aus

Enterprise Linux Server Aus

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Enterprise Linux Server Tus

Enterprise Linux Server Tus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Enterprise Linux Workstation

References & Advisories

Related Vulnerabilities