HTTP: Apache Tomcat HTTP PUT Windows Remote Code Execution

This signature detects attempts to exploit a known vulnerability in Apache Tomcat running on Windows. A remote attacker can exploit this vulnerability by uploading a specially crafted JSP page to the vulnerable server. This can result in remote code execution in the context of the affected service.

Extended Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Affected Products

Redhat jboss_enterprise_web_server

Short Name
HTTP:APACHE:TOMCAT-PUT-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2017-12615 CVE-2017-12617 Code Execution HTTP PUT Remote Tomcat Windows bid:100901
Release Date
10/10/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3724
False Positive
Unknown
Vendors

Redhat

Apache

Oracle

Netapp

Debian

Canonical

CVSS Score

6.8

Found a potential security threat?