mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
197 lines
7.8 KiB
JSON
197 lines
7.8 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"DATE_PUBLIC": "2017-10-03T00:00:00",
|
|
"ID": "CVE-2017-12617",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Tomcat",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "9.0.0.M1 to 9.0.0"
|
|
},
|
|
{
|
|
"version_value": "8.5.0 to 8.5.22"
|
|
},
|
|
{
|
|
"version_value": "8.0.0.RC1 to 8.0.46"
|
|
},
|
|
{
|
|
"version_value": "7.0.0 to 7.0.81"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Remote Code Execution"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "RHSA-2017:3113",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:3080",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
|
|
},
|
|
{
|
|
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0269",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
|
|
},
|
|
{
|
|
"name": "42966",
|
|
"refsource": "EXPLOIT-DB",
|
|
"url": "https://www.exploit-db.com/exploits/42966/"
|
|
},
|
|
{
|
|
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0270",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0271",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
|
|
},
|
|
{
|
|
"name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:2939",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0465",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
|
|
},
|
|
{
|
|
"name": "USN-3665-1",
|
|
"refsource": "UBUNTU",
|
|
"url": "https://usn.ubuntu.com/3665-1/"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0268",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:3114",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
|
|
},
|
|
{
|
|
"name": "43008",
|
|
"refsource": "EXPLOIT-DB",
|
|
"url": "https://www.exploit-db.com/exploits/43008/"
|
|
},
|
|
{
|
|
"name": "1039552",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1039552"
|
|
},
|
|
{
|
|
"name": "100954",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/100954"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0275",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:0466",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
|
|
},
|
|
{
|
|
"name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "https://security.netapp.com/advisory/ntap-20171018-0002/",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://security.netapp.com/advisory/ntap-20171018-0002/"
|
|
},
|
|
{
|
|
"name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:3081",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
|
|
}
|
|
]
|
|
}
|
|
} |