### [CVE-2017-12615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615) ![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen) ### Description When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. ### POC #### Reference - http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html - https://github.com/breaktoprotect/CVE-2017-12615 - https://www.exploit-db.com/exploits/42953/ #### Github - https://github.com/0day404/vulnerability-poc - https://github.com/0day666/Vulnerability-verification - https://github.com/0ps/pocassistdb - https://github.com/1120362990/vulnerability-list - https://github.com/1337g/CVE-2017-12615 - https://github.com/1f3lse/taiE - https://github.com/20142995/Goby - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ArrestX/--POC - https://github.com/Aukaii/notes - https://github.com/BeyondCy/CVE-2017-12615 - https://github.com/CLincat/vulcat - https://github.com/CnHack3r/Penetration_PoC - https://github.com/EchoGin404/- - https://github.com/EchoGin404/gongkaishouji - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/HimmelAward/Goby_POC - https://github.com/KRookieSec/WebSecurityStudy - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Miraitowa70/POC-Notes - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/NCSU-DANCE-Research-Group/CDL - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Seif-Naouali/Secu_Dev_2 - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Weik1/Artillery - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/YgorAlberto/Ethical-Hacker - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/Z0fhack/Goby_POC - https://github.com/ZTK-009/Penetration_PoC - https://github.com/ZTK-009/RedTeamer - https://github.com/Zero094/Vulnerability-verification - https://github.com/amcai/myscan - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/cved-sources/cve-2017-12615 - https://github.com/cyberharsh/Tomcat-CVE-2017-12615 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/deut-erium/inter-iit-netsec - https://github.com/einzbernnn/Tomcatscan - https://github.com/enomothem/PenTestNote - https://github.com/fengjixuchui/RedTeamer - https://github.com/g6a/g6adoc - https://github.com/hasee2018/Penetration_Testing_POC - https://github.com/heane404/CVE_scan - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/huimzjty/vulwiki - https://github.com/hxysaury/saury-vulnhub - https://github.com/ianxtianxt/CVE-2017-12615 - https://github.com/ilhamrzr/ApacheTomcat - https://github.com/jweny/pocassistdb - https://github.com/k8gege/Aggressor - https://github.com/k8gege/Ladon - https://github.com/k8gege/PowerLadon - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/lnick2023/nicenice - https://github.com/lp008/Hack-readme - https://github.com/maya6/-scan- - https://github.com/mefulton/cve-2017-12615 - https://github.com/nixawk/labs - https://github.com/oneplus-x/MS17-010 - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qiantu88/Tomcat-Exploit - https://github.com/qiwentaidi/Slack - https://github.com/r0eXpeR/redteam_vul - https://github.com/safe6Sec/PentestNote - https://github.com/skyblueflag/WebSecurityStudy - https://github.com/sobinge/nuclei-templates - https://github.com/sponkmonk/Ladon_english_update - https://github.com/superfish9/pt - https://github.com/tdcoming/Vulnerability-engine - https://github.com/tpt11fb/AttackTomcat - https://github.com/trganda/dockerv - https://github.com/underattack-today/underattack-py - https://github.com/veo/vscan - https://github.com/w0x68y/CVE-2017-12615-EXP - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- - https://github.com/woodpecker-appstore/tomcat-vuldb - https://github.com/woods-sega/woodswiki - https://github.com/wsg00d/cve-2017-12615 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 - https://github.com/xiaokp7/Tomcat_PUT_GUI_EXP - https://github.com/xuetusummer/Penetration_Testing_POC - https://github.com/yedada-wei/- - https://github.com/yedada-wei/gongkaishouji - https://github.com/zha0/Bei-Gai-penetration-test-guide - https://github.com/zi0Black/POC-CVE-2017-12615-or-CVE-2017-12717