NVD Vulnerability Detail

CVE-2017-12615

Summary	When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Summary	Cuando se ejecuta Apache Tomcat en sus versiones 7.0.0 a 7.0.79 en Windows con HTTP PUT habilitado (por ejemplo, estableciendo el parámetro de inicialización de solo lectura del Default en "false") fue posible subir un archivo JSP al servidor mediante una petición especialmente manipulada. Este archivo JSP podría ser solicitado y cualquier código que contenga podría ser ejecutado por el servidor.
Publication Date	Sept. 19, 2017, 10:29 p.m.
Registration Date	Jan. 26, 2021, 1:14 p.m.
Last Update	April 22, 2026, 2:04 a.m.

CVSS3.1 : HIGH
スコア	8.1
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat::::::::	7.0.0	7.0.79
cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
cpe:2.3:a:netapp:oncommand_balance:-:::::::*
cpe:2.3:a:netapp:oncommand_shift:-:::::::*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:::::::*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration2		or higher	or less	more than	less than

Related information, measures and tools

No	URL	refsource
1	http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html	security@apache.org
2	http://www.securityfocus.com/bid/100901	security@apache.org
3	http://www.securitytracker.com/id/1039392	security@apache.org
4	https://access.redhat.com/errata/RHSA-2017:3080	security@apache.org
5	https://access.redhat.com/errata/RHSA-2017:3081	security@apache.org
6	https://access.redhat.com/errata/RHSA-2017:3113	security@apache.org
7	https://access.redhat.com/errata/RHSA-2017:3114	security@apache.org
8	https://access.redhat.com/errata/RHSA-2018:0465	security@apache.org
9	https://access.redhat.com/errata/RHSA-2018:0466	security@apache.org
10	https://github.com/breaktoprotect/CVE-2017-12615	security@apache.org
11	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	security@apache.org
12	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	security@apache.org
13	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	security@apache.org
14	https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E	security@apache.org
15	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	security@apache.org
16	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	security@apache.org
17	https://security.netapp.com/advisory/ntap-20171018-0001/	security@apache.org
18	https://www.exploit-db.com/exploits/42953/	security@apache.org
19	https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	security@apache.org
20	http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html	af854a3a-2127-422b-91ae-364da2661108
21	http://www.securityfocus.com/bid/100901	af854a3a-2127-422b-91ae-364da2661108
22	http://www.securitytracker.com/id/1039392	af854a3a-2127-422b-91ae-364da2661108
23	https://access.redhat.com/errata/RHSA-2017:3080	af854a3a-2127-422b-91ae-364da2661108
24	https://access.redhat.com/errata/RHSA-2017:3081	af854a3a-2127-422b-91ae-364da2661108
25	https://access.redhat.com/errata/RHSA-2017:3113	af854a3a-2127-422b-91ae-364da2661108
26	https://access.redhat.com/errata/RHSA-2017:3114	af854a3a-2127-422b-91ae-364da2661108
27	https://access.redhat.com/errata/RHSA-2018:0465	af854a3a-2127-422b-91ae-364da2661108
28	https://access.redhat.com/errata/RHSA-2018:0466	af854a3a-2127-422b-91ae-364da2661108
29	https://github.com/breaktoprotect/CVE-2017-12615	af854a3a-2127-422b-91ae-364da2661108
30	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
31	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
32	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
33	https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
34	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
35	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
36	https://security.netapp.com/advisory/ntap-20171018-0001/	af854a3a-2127-422b-91ae-364da2661108
37	https://www.exploit-db.com/exploits/42953/	af854a3a-2127-422b-91ae-364da2661108
38	https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	af854a3a-2127-422b-91ae-364da2661108
39	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-434	危険なタイプのファイルの無制限アップロード	https://cwe.mitre.org/data/definitions/434.html

JVN Vulnerability Information

Apache Tomcat における危険なタイプのファイルの無制限アップロードに関する脆弱性

Title	Apache Tomcat における危険なタイプのファイルの無制限アップロードに関する脆弱性
Summary	Apache Tomcat には、危険なタイプのファイルの無制限アップロードに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 19, 2017, midnight
Registration Date	Oct. 16, 2017, 6:11 p.m.
Last Update	Dec. 11, 2017, 5:15 p.m.

Affected System

Apache Software Foundation

Apache Tomcat 7.0.0 から 7.0.79

日本電気

MailShooter

SimpWright

SpoolServer/Winspoolシリーズ

WebOTX

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-12615	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615
National Vulnerability Database (NVD)
2	CVE-2017-12615	https://nvd.nist.gov/vuln/detail/CVE-2017-12615

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-434	https://cwe.mitre.org/data/definitions/434.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Fixed in Apache Tomcat 7.0.81	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
NEC製品セキュリティ情報
2	NV17-023	http://jpn.nec.com/security-info/secinfo/nv17-023.html
Pony Mail
3	[SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload	https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E

その他

No	Name	URL
JPCERT 注意喚起
1	Apache Tomcat における脆弱性に関する注意喚起	https://www.jpcert.or.jp/at/2017/at170038.html
JVN
2	JVNVU#99259676	http://jvn.jp/vu/JVNVU99259676/index.html

Change Log

No	Changed Details	Date of change
0	[2017年10月16日] 掲載 [2017年10月30日] ベンダ情報：Apache Software Foundation (Fixed in Apache Tomcat 7.0.81) を追加参考情報：JVN (JVNVU#99259676) を追加参考情報：JPCERT 注意喚起 (Apache Tomcat における脆弱性に関する注意喚起) を追加 [2017年11月09日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日本電気 (NV17-023) を追加 [2017年12月11日] 影響を受けるシステム：ベンダ情報 (NV17-023) の更新に伴い内容を更新	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat::::::::	7.0.0	7.0.79
cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
cpe:2.3:a:netapp:oncommand_balance:-:::::::*
cpe:2.3:a:netapp:oncommand_shift:-:::::::*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:::::::*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*