admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2017-12615

Browse Source
This commit is contained in:
tardc 2020-11-06 22:13:51 +08:00
parent e7be49c084
commit 0b07acd129
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Tomcat/CVE-2017-12615/CVE-2017-12615.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 608 KiB

11
Tomcat/CVE-2017-12615/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2017-12615 Apache Tomcat Remote Code Execution Vulnerability
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
**Affected version**: Apache Tomcat 7.0.0 - 7.0.79
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJBcGFjaGUtVG9tY2F0Ig%3D%3D) query rule**: app="Apache-Tomcat"
# Demo
![](CVE-2017-12615.gif)