mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-30 18:20:53 +00:00
111 lines
4.9 KiB
Markdown
111 lines
4.9 KiB
Markdown
|
### [CVE-2017-12615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
|
||
|
|
- https://github.com/breaktoprotect/CVE-2017-12615
|
||
|
|
- https://www.exploit-db.com/exploits/42953/
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/0day404/vulnerability-poc
|
||
|
|
- https://github.com/0day666/Vulnerability-verification
|
||
|
|
- https://github.com/0ps/pocassistdb
|
||
|
|
- https://github.com/1120362990/vulnerability-list
|
||
|
|
- https://github.com/1337g/CVE-2017-12615
|
||
|
|
- https://github.com/1f3lse/taiE
|
||
|
|
- https://github.com/20142995/Goby
|
||
|
|
- https://github.com/20142995/sectool
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
||
|
|
- https://github.com/ArrestX/--POC
|
||
|
|
- https://github.com/Aukaii/notes
|
||
|
|
- https://github.com/BeyondCy/CVE-2017-12615
|
||
|
|
- https://github.com/CLincat/vulcat
|
||
|
|
- https://github.com/CnHack3r/Penetration_PoC
|
||
|
|
- https://github.com/EchoGin404/-
|
||
|
|
- https://github.com/EchoGin404/gongkaishouji
|
||
|
|
- https://github.com/Elsfa7-110/kenzer-templates
|
||
|
|
- https://github.com/HimmelAward/Goby_POC
|
||
|
|
- https://github.com/KRookieSec/WebSecurityStudy
|
||
|
|
- https://github.com/KayCHENvip/vulnerability-poc
|
||
|
|
- https://github.com/Miraitowa70/POC-Notes
|
||
|
|
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||
|
|
- https://github.com/NCSU-DANCE-Research-Group/CDL
|
||
|
|
- https://github.com/Ostorlab/KEV
|
||
|
|
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||
|
|
- https://github.com/Seif-Naouali/Secu_Dev_2
|
||
|
|
- https://github.com/SexyBeast233/SecBooks
|
||
|
|
- https://github.com/Threekiii/Awesome-POC
|
||
|
|
- https://github.com/Threekiii/Vulhub-Reproduce
|
||
|
|
- https://github.com/Weik1/Artillery
|
||
|
|
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||
|
|
- https://github.com/YgorAlberto/Ethical-Hacker
|
||
|
|
- https://github.com/YgorAlberto/ygoralberto.github.io
|
||
|
|
- https://github.com/Z0fhack/Goby_POC
|
||
|
|
- https://github.com/Zero094/Vulnerability-verification
|
||
|
|
- https://github.com/amcai/myscan
|
||
|
|
- https://github.com/bakery312/Vulhub-Reproduce
|
||
|
|
- https://github.com/breaktoprotect/CVE-2017-12615
|
||
|
|
- https://github.com/cved-sources/cve-2017-12615
|
||
|
|
- https://github.com/cyberharsh/Tomcat-CVE-2017-12615
|
||
|
|
- https://github.com/d4n-sec/d4n-sec.github.io
|
||
|
|
- https://github.com/deut-erium/inter-iit-netsec
|
||
|
|
- https://github.com/einzbernnn/Tomcatscan
|
||
|
|
- https://github.com/enomothem/PenTestNote
|
||
|
|
- https://github.com/fengjixuchui/RedTeamer
|
||
|
|
- https://github.com/g6a/g6adoc
|
||
|
|
- https://github.com/hasee2018/Penetration_Testing_POC
|
||
|
|
- https://github.com/heane404/CVE_scan
|
||
|
|
- https://github.com/huike007/penetration_poc
|
||
|
|
- https://github.com/huike007/poc
|
||
|
|
- https://github.com/huimzjty/vulwiki
|
||
|
|
- https://github.com/hxysaury/saury-vulnhub
|
||
|
|
- https://github.com/ianxtianxt/CVE-2017-12615
|
||
|
|
- https://github.com/ilhamrzr/ApacheTomcat
|
||
|
|
- https://github.com/jweny/pocassistdb
|
||
|
|
- https://github.com/k8gege/Ladon
|
||
|
|
- https://github.com/lions2012/Penetration_Testing_POC
|
||
|
|
- https://github.com/lnick2023/nicenice
|
||
|
|
- https://github.com/lp008/Hack-readme
|
||
|
|
- https://github.com/maya6/-scan-
|
||
|
|
- https://github.com/mefulton/cve-2017-12615
|
||
|
|
- https://github.com/nixawk/labs
|
||
|
|
- https://github.com/oneplus-x/MS17-010
|
||
|
|
- https://github.com/password520/Penetration_PoC
|
||
|
|
- https://github.com/password520/RedTeamer
|
||
|
|
- https://github.com/qazbnm456/awesome-cve-poc
|
||
|
|
- https://github.com/qiantu88/Tomcat-Exploit
|
||
|
|
- https://github.com/qiwentaidi/Slack
|
||
|
|
- https://github.com/r0eXpeR/redteam_vul
|
||
|
|
- https://github.com/safe6Sec/PentestNote
|
||
|
|
- https://github.com/skyblueflag/WebSecurityStudy
|
||
|
|
- https://github.com/sobinge/nuclei-templates
|
||
|
|
- https://github.com/sponkmonk/Ladon_english_update
|
||
|
|
- https://github.com/superfish9/pt
|
||
|
|
- https://github.com/tdcoming/Vulnerability-engine
|
||
|
|
- https://github.com/tpt11fb/AttackTomcat
|
||
|
|
- https://github.com/trganda/dockerv
|
||
|
|
- https://github.com/underattack-today/underattack-py
|
||
|
|
- https://github.com/veo/vscan
|
||
|
|
- https://github.com/w0x68y/CVE-2017-12615-EXP
|
||
|
|
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
|
||
|
|
- https://github.com/woodpecker-appstore/tomcat-vuldb
|
||
|
|
- https://github.com/woods-sega/woodswiki
|
||
|
|
- https://github.com/wsg00d/cve-2017-12615
|
||
|
|
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
|
||
|
|
- https://github.com/xiaokp7/Tomcat_PUT_GUI_EXP
|
||
|
|
- https://github.com/xuetusummer/Penetration_Testing_POC
|
||
|
|
- https://github.com/yedada-wei/-
|
||
|
|
- https://github.com/yedada-wei/gongkaishouji
|
||
|
|
- https://github.com/zha0/Bei-Gai-penetration-test-guide
|
||
|
|
- https://github.com/zi0Black/POC-CVE-2017-12615-or-CVE-2017-12717
|
||
|
|
|