Apache Tomcat - Remote Code Execution (CVE-2017-12617)
- Severity
- CVSSv3 Score
- 8.1
- Exploitable with Sniper
- Yes
- Vulnerability description
Apache Tomcat is affected by a Remote Code Execution vulnerability. The root cause of this vulnerability consists in using a bad servlet context configuration with
readonly=falseand the PUT method allowed. Therefore, an unauthenticated remote attacker can use PUT method to uploadJSPfiles on the server and execute them.- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
- Recommendation
Upgrade the Apache Struts to the latest version or to a version higher than: 9.0.0, 8.5.22, 8.0.46, 7.0.81.
- Detectable with
- Network Scanner
- Vuln date
- Oct 2017
- Published at
- Updated at
- Software Type
- Web server
- Vendor
- Apache
- Product
- Tomcat
- Codename
- Not available
