CISA KEV Information
| Vulnerability Name | Apache Tomcat on Windows Remote Code Execution Vulnerability |
|---|---|
| Description | When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
| Required Action | Apply updates per vendor instructions. |
| Known Ransomware Campaign Use | Known |
| CWE | CWE-434 |
| Date Added (KEV) | 2022-03-25 |
| Due Date | 2022-04-15 |
| Additional Reference | https://nvd.nist.gov/vuln/detail/CVE-2017-12615 |
NVD Details
CVSS v3.1: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Description: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CWE: CWE-434
References
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html [Exploit]
- http://www.securityfocus.com/bid/100901 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1039392 [Broken Link, Third Party Advisory, VDB Entry]
- https://access.redhat.com/errata/RHSA-2017:3080 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2017:3081 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2017:3113 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2017:3114 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:0465 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:0466 [Third Party Advisory]
- https://github.com/breaktoprotect/CVE-2017-12615 [Exploit, Third Party Advisory]
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E [Mailing List, Patch]
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E [Mailing List, Patch]
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E [Mailing List, Patch]
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E [Issue Tracking, Mailing List]
- https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E [Mailing List]
- ... and 24 more
This product uses the NVD API but is not endorsed or certified by the NVD.