HomePentest-Tools.com Logo

Apache Tomcat HTTP PUT Request Code Execution Vulnerability - Windows CVE-2017-12615

Severity
CVSSv3 Score
8.1
Vulnerability description

Apache Tomcat is prone to a code execution vulnerability.

Risk description

The flaw is due to an insufficient processing of HTTP PUT Request, which allows uploading of an arbitrary JSP file to the target system and then request the file to execute arbitrary code on the target system. Successful exploitation will allow remote attackers to execute arbitrary code on the target system.

Recommendation

Upgrade to Tomcat version 7.0.81 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 19, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available