CVE-2017-12617
Known Exploited (CISA KEV)HIGH
8.1
CVSS Severity Score
Vulnerability Description
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Affected Platforms (CPE)
📦
Apache
Tomcat
>= 7.0.0 and < 7.0.82📦
Apache
Tomcat
>= 8.0 and < 8.0.47📦
Apache
Tomcat
>= 8.5.0 and < 8.5.23📦
Apache
Tomcat
>= 9.0.0 and < 9.0.1💻
Canonical
Ubuntu Linux
= 12.04💻
Canonical
Ubuntu Linux
= 16.04💻
Canonical
Ubuntu Linux
= 17.10💻
Canonical
Ubuntu Linux
= 18.04📦
Oracle
Agile Plm
= 9.3.3📦
Oracle
Agile Plm
= 9.3.4📦
Oracle
Agile Plm
= 9.3.5📦
Oracle
Agile Plm
= 9.3.6📦
Oracle
Communications Instant Messaging Server
= 10.0.1📦
Oracle
Endeca Information Discovery Integrator
= 3.1.0📦
Oracle
Endeca Information Discovery Integrator
= 3.2.0📦
Oracle
Enterprise Manager For Mysql Database
= 12.1.0.4.0📦
Oracle
Financial Services Analytical Applications Infrastructure
>= 7.3.3.0.0 and <= 7.3.5.3.0📦
Oracle
Financial Services Analytical Applications Infrastructure
>= 8.0.0.0.0 and <= 8.0.9.0.0📦
Oracle
Fmw Platform
= 12.2.1.2.0📦
Oracle
Fmw Platform
= 12.2.1.3.0📦
Oracle
Health Sciences Empirica Inspections
= 1.0.1.1📦
Oracle
Hospitality Guest Access
= 4.2.0📦
Oracle
Hospitality Guest Access
= 4.2.1📦
Oracle
Instantis Enterprisetrack
= 17.1📦
Oracle
Instantis Enterprisetrack
= 17.2📦
Oracle
Management Pack
= 11.2.1.0.13📦
Oracle
Micros Lucas
= 2.9.5📦
Oracle
Micros Retail Xbri Loss Prevention
= 10.0.1📦
Oracle
Micros Retail Xbri Loss Prevention
= 10.5.0📦
Oracle
Micros Retail Xbri Loss Prevention
= 10.6.0📦
Oracle
Micros Retail Xbri Loss Prevention
= 10.7.0📦
Oracle
Micros Retail Xbri Loss Prevention
= 10.8.0📦
Oracle
Micros Retail Xbri Loss Prevention
= 10.8.1📦
Oracle
Mysql Enterprise Monitor
<= 3.3.6.3293📦
Oracle
Mysql Enterprise Monitor
>= 3.4.0 and <= 3.4.4.4226📦
Oracle
Mysql Enterprise Monitor
>= 4.0.0 and <= 4.0.0.5135📦
Oracle
Retail Advanced Inventory Planning
= 13.2📦
Oracle
Retail Advanced Inventory Planning
= 13.4📦
Oracle
Retail Advanced Inventory Planning
= 14.1📦
Oracle
Retail Advanced Inventory Planning
= 15.0📦
Oracle
Retail Back Office
= 14.0.4📦
Oracle
Retail Back Office
= 14.1.3📦
Oracle
Retail Central Office
= 14.0.4📦
Oracle
Retail Central Office
= 14.1.3📦
Oracle
Retail Convenience And Fuel Pos Software
= 2.1.132📦
Oracle
Retail Eftlink
= 1.1.124📦
Oracle
Retail Eftlink
= 15.0.1📦
Oracle
Retail Eftlink
= 16.0.2📦
Oracle
Retail Insights
= 14.0📦
Oracle
Retail Insights
= 14.1📦
Oracle
Retail Insights
= 15.0📦
Oracle
Retail Insights
= 16.0📦
Oracle
Retail Invoice Matching
= 12.0📦
Oracle
Retail Invoice Matching
= 13.0📦
Oracle
Retail Invoice Matching
= 13.1📦
Oracle
Retail Invoice Matching
= 13.2📦
Oracle
Retail Invoice Matching
= 14.0📦
Oracle
Retail Invoice Matching
= 14.1📦
Oracle
Retail Invoice Matching
= 15.0📦
Oracle
Retail Invoice Matching
= 16.0📦
Oracle
Retail Order Broker
= 5.0📦
Oracle
Retail Order Broker
= 5.1📦
Oracle
Retail Order Broker
= 5.2📦
Oracle
Retail Order Broker
= 15.0📦
Oracle
Retail Order Broker
= 16.0📦
Oracle
Retail Order Management System
= 4.0📦
Oracle
Retail Order Management System
= 4.5📦
Oracle
Retail Order Management System
= 4.7📦
Oracle
Retail Order Management System
= 5.0📦
Oracle
Retail Point Of Service
= 14.0.4📦
Oracle
Retail Point Of Service
= 14.1.3📦
Oracle
Retail Price Management
= 12.0📦
Oracle
Retail Price Management
= 13.0📦
Oracle
Retail Price Management
= 13.1📦
Oracle
Retail Price Management
= 13.2📦
Oracle
Retail Price Management
= 14.0📦
Oracle
Retail Price Management
= 14.1📦
Oracle
Retail Price Management
= 15.0📦
Oracle
Retail Price Management
= 16.0📦
Oracle
Retail Returns Management
= 2.3.8📦
Oracle
Retail Returns Management
= 2.4.9📦
Oracle
Retail Returns Management
= 14.0.4📦
Oracle
Retail Returns Management
= 14.1.3📦
Oracle
Retail Store Inventory Management
= 12.0.12📦
Oracle
Retail Store Inventory Management
= 13.0.7📦
Oracle
Retail Store Inventory Management
= 13.1.9📦
Oracle
Retail Store Inventory Management
= 13.2.9📦
Oracle
Retail Store Inventory Management
= 14.0.4📦
Oracle
Retail Store Inventory Management
= 14.1.3📦
Oracle
Retail Store Inventory Management
= 15.0.2📦
Oracle
Retail Store Inventory Management
= 16.0.1📦
Oracle
Retail Xstore Point Of Service
= 6.0.11📦
Oracle
Retail Xstore Point Of Service
= 7.0.6📦
Oracle
Retail Xstore Point Of Service
= 7.1.6📦
Oracle
Retail Xstore Point Of Service
= 15.0.1📦
Oracle
Transportation Management
= 6.3.1📦
Oracle
Transportation Management
= 6.3.2📦
Oracle
Transportation Management
= 6.3.3📦
Oracle
Transportation Management
= 6.3.4📦
Oracle
Transportation Management
= 6.3.5📦
Oracle
Transportation Management
= 6.3.6📦
Oracle
Transportation Management
= 6.3.7📦
Oracle
Tuxedo System And Applications Monitor
= 12.1.3.0.0📦
Oracle
Webcenter Sites
= 11.1.1.8.0📦
Oracle
Workload Manager
= 12.2.0.1💻
Debian
Debian Linux
= 7.0📦
Netapp
Active Iq Unified Manager
>= 7.3📦
Netapp
Active Iq Unified Manager
>= 9.5📦
Netapp
Oncommand Balance
All versions📦
Netapp
Oncommand Insight
All versions📦
Netapp
Oncommand Shift
All versions📦
Netapp
Oncommand Workflow Automation
All versions📦
Netapp
Snapcenter
All versions💻
Netapp
Element
All versions📦
Redhat
Fuse
= 1.0📦
Redhat
Jboss Enterprise Application Platform
= 6.0.0📦
Redhat
Jboss Enterprise Application Platform
= 6.4.0📦
Redhat
Jboss Enterprise Web Server
= 2.0.0📦
Redhat
Jboss Enterprise Web Server
= 3.0.0📦
Redhat
Jboss Enterprise Web Server Text Only Advisories
All versions💻
Redhat
Enterprise Linux Desktop
= 6.0💻
Redhat
Enterprise Linux Desktop
= 7.0💻
Redhat
Enterprise Linux Eus
= 7.4💻
Redhat
Enterprise Linux Eus
= 7.5💻
Redhat
Enterprise Linux Eus
= 7.6💻
Redhat
Enterprise Linux Eus
= 7.7💻
Redhat
Enterprise Linux Eus Compute Node
= 7.4💻
Redhat
Enterprise Linux Eus Compute Node
= 7.5💻
Redhat
Enterprise Linux Eus Compute Node
= 7.6💻
Redhat
Enterprise Linux Eus Compute Node
= 7.7💻
Redhat
Enterprise Linux For Ibm Z Systems
= 6.0_s390x💻
Redhat
Enterprise Linux For Ibm Z Systems
= 7.0_s390x💻
Redhat
Enterprise Linux For Ibm Z Systems Eus
= 7.4_s390x💻
Redhat
Enterprise Linux For Ibm Z Systems Eus
= 7.5_s390x💻
Redhat
Enterprise Linux For Ibm Z Systems Eus
= 7.6_s390x💻
Redhat
Enterprise Linux For Ibm Z Systems Eus
= 7.7_s390x💻
Redhat
Enterprise Linux For Power Big Endian
= 6.0_ppc64💻
Redhat
Enterprise Linux For Power Big Endian
= 7.0_ppc64💻
Redhat
Enterprise Linux For Power Big Endian Eus
= 7.4_ppc64💻
Redhat
Enterprise Linux For Power Big Endian Eus
= 7.5_ppc64💻
Redhat
Enterprise Linux For Power Big Endian Eus
= 7.6_ppc64💻
Redhat
Enterprise Linux For Power Big Endian Eus
= 7.7_ppc64💻
Redhat
Enterprise Linux For Power Little Endian
= 7.0💻
Redhat
Enterprise Linux For Power Little Endian Eus
= 7.4_ppc64le💻
Redhat
Enterprise Linux For Power Little Endian Eus
= 7.5_ppc64le💻
Redhat
Enterprise Linux For Power Little Endian Eus
= 7.6_ppc64le💻
Redhat
Enterprise Linux For Power Little Endian Eus
= 7.7_ppc64le💻
Redhat
Enterprise Linux Server
= 6.0💻
Redhat
Enterprise Linux Server
= 7.0💻
Redhat
Enterprise Linux Server Aus
= 7.4💻
Redhat
Enterprise Linux Server Aus
= 7.6💻
Redhat
Enterprise Linux Server Aus
= 7.7💻
Redhat
Enterprise Linux Server Tus
= 7.4💻
Redhat
Enterprise Linux Server Tus
= 7.6💻
Redhat
Enterprise Linux Server Tus
= 7.7💻
Redhat
Enterprise Linux Workstation
= 6.0💻
Redhat