CVE-2017-12615

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS v3 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html	Exploit
http://www.securityfocus.com/bid/100901	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039392	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3080	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3081	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0465	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0466	Third Party Advisory
https://github.com/breaktoprotect/CVE-2017-12615	Exploit Third Party Advisory
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E	Issue Tracking Mailing List
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://security.netapp.com/advisory/ntap-20171018-0001/	Third Party Advisory
https://www.exploit-db.com/exploits/42953/	Third Party Advisory VDB Entry
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	Third Party Advisory
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html	Exploit
http://www.securityfocus.com/bid/100901	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039392	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3080	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3081	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0465	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0466	Third Party Advisory
https://github.com/breaktoprotect/CVE-2017-12615	Exploit Third Party Advisory
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E	Issue Tracking Mailing List
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://security.netapp.com/advisory/ntap-20171018-0001/	Third Party Advisory
https://www.exploit-db.com/exploits/42953/	Third Party Advisory VDB Entry
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:::::::*
	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

21 Nov 2024, 03:09

16 Jul 2024, 17:58

07 Nov 2023, 02:38

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E', 'name': '[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload', 'tags': ['Issue Tracking', 'Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E', 'name': '[announce] 20200131 Apache Software Foundation Security Report: 2019', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E - () https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E -

Information

Published : 2017-09-19 13:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-12615

Mitre link : CVE-2017-12615

CVE.ORG link : CVE-2017-12615

JSON object : View

Products Affected

redhat

jboss_enterprise_web_server_text-only_advisories
jboss_enterprise_web_server
enterprise_linux_for_power_little_endian_eus
enterprise_linux_server_tus
enterprise_linux_for_power_big_endian
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_scientific_computing
enterprise_linux_server_aus
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux_for_power_big_endian_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_power_little_endian
enterprise_linux_workstation
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
enterprise_linux_server
enterprise_linux_eus_compute_node

microsoft

windows

netapp

oncommand_balance
7-mode_transition_tool
oncommand_shift

apache

tomcat

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

Type	Values Removed	Values Added
CPE	cpe:2.3:a:apache:tomcat:7.0.74:::::::* cpe:2.3:a:apache:tomcat:7.0.54:::::::* cpe:2.3:a:apache:tomcat:7.0.22:::::::* cpe:2.3:a:apache:tomcat:7.0.17:::::::* cpe:2.3:a:apache:tomcat:7.0.79:::::::* cpe:2.3:a:apache:tomcat:7.0.27:::::::* cpe:2.3:a:apache:tomcat:7.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.76:::::::* cpe:2.3:a:apache:tomcat:7.0.58:::::::* cpe:2.3:a:apache:tomcat:7.0.46:::::::* cpe:2.3:a:apache:tomcat:7.0.51:::::::* cpe:2.3:a:apache:tomcat:7.0.57:::::::* cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.50:::::::* cpe:2.3:a:apache:tomcat:7.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.42:::::::* cpe:2.3:a:apache:tomcat:7.0.32:::::::* cpe:2.3:a:apache:tomcat:7.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.75:::::::* cpe:2.3:a:apache:tomcat:7.0.9:::::::* cpe:2.3:a:apache:tomcat:7.0.59:::::::* cpe:2.3:a:apache:tomcat:7.0.49:::::::* cpe:2.3:a:apache:tomcat:7.0.65:::::::* cpe:2.3:a:apache:tomcat:7.0.63:::::::* cpe:2.3:a:apache:tomcat:7.0.23:::::::* cpe:2.3:a:apache:tomcat:7.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.25:::::::* cpe:2.3:a:apache:tomcat:7.0.12:::::::* cpe:2.3:a:apache:tomcat:7.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.21:::::::* cpe:2.3:a:apache:tomcat:7.0.73:::::::* cpe:2.3:a:apache:tomcat:7.0.2:beta:::::: cpe:2.3:a:apache:tomcat:7.0.36:::::::* cpe:2.3:a:apache:tomcat:7.0.45:::::::* cpe:2.3:a:apache:tomcat:7.0.39:::::::* cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.68:::::::* cpe:2.3:a:apache:tomcat:7.0.70:::::::* cpe:2.3:a:apache:tomcat:7.0.60:::::::* cpe:2.3:a:apache:tomcat:7.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.55:::::::* cpe:2.3:a:apache:tomcat:7.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.77:::::::* cpe:2.3:a:apache:tomcat:7.0.66:::::::* cpe:2.3:a:apache:tomcat:7.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.69:::::::* cpe:2.3:a:apache:tomcat:7.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.4:beta:::::: cpe:2.3:a:apache:tomcat:7.0.30:::::::* cpe:2.3:a:apache:tomcat:7.0.31:::::::* cpe:2.3:a:apache:tomcat:7.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.40:::::::* cpe:2.3:a:apache:tomcat:7.0.47:::::::* cpe:2.3:a:apache:tomcat:7.0.28:::::::* cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.64:::::::* cpe:2.3:a:apache:tomcat:7.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.48:::::::* cpe:2.3:a:apache:tomcat:7.0.71:::::::* cpe:2.3:a:apache:tomcat:7.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0:::::::* cpe:2.3:a:apache:tomcat:7.0.20:::::::* cpe:2.3:a:apache:tomcat:7.0.61:::::::* cpe:2.3:a:apache:tomcat:7.0.67:::::::* cpe:2.3:a:apache:tomcat:7.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.0:beta:::::: cpe:2.3:a:apache:tomcat:7.0.35:::::::* cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.13:::::::* cpe:2.3:a:apache:tomcat:7.0.11:::::::* cpe:2.3:a:apache:tomcat:7.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.72:::::::* cpe:2.3:a:apache:tomcat:7.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.62:::::::* cpe:2.3:a:apache:tomcat:7.0.5:beta:::::: cpe:2.3:a:apache:tomcat:7.0.56:::::::*	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::* cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::* cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::* cpe:2.3:a:netapp:oncommand_shift:-:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:a:netapp:oncommand_balance:-:::::::* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:::::::* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
References	~~() http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html -~~	() http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html - Exploit
References	~~() http://www.securityfocus.com/bid/100901 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/100901 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1039392 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1039392 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://access.redhat.com/errata/RHSA-2017:3080 -~~	() https://access.redhat.com/errata/RHSA-2017:3080 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3081 -~~	() https://access.redhat.com/errata/RHSA-2017:3081 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3113 -~~	() https://access.redhat.com/errata/RHSA-2017:3113 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3114 -~~	() https://access.redhat.com/errata/RHSA-2017:3114 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0465 -~~	() https://access.redhat.com/errata/RHSA-2018:0465 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0466 -~~	() https://access.redhat.com/errata/RHSA-2018:0466 - Third Party Advisory
References	~~() https://github.com/breaktoprotect/CVE-2017-12615 -~~	() https://github.com/breaktoprotect/CVE-2017-12615 - Exploit, Third Party Advisory
References	~~() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E - Issue Tracking, Mailing List
References	~~() https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E -~~	() https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E - Mailing List
References	~~() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://security.netapp.com/advisory/ntap-20171018-0001/ -~~	() https://security.netapp.com/advisory/ntap-20171018-0001/ - Third Party Advisory
References	~~() https://www.exploit-db.com/exploits/42953/ -~~	() https://www.exploit-db.com/exploits/42953/ - Third Party Advisory, VDB Entry
References	~~() https://www.synology.com/support/security/Synology_SA_17_54_Tomcat -~~	() https://www.synology.com/support/security/Synology_SA_17_54_Tomcat - Third Party Advisory
First Time		Redhat enterprise Linux For Scientific Computing Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Eus Compute Node Redhat jboss Enterprise Web Server Text-only Advisories Redhat enterprise Linux Server Redhat enterprise Linux For Ibm Z Systems Eus Netapp oncommand Shift Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux Server Tus Redhat enterprise Linux Workstation Netapp 7-mode Transition Tool Redhat enterprise Linux For Power Big Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Aus Redhat jboss Enterprise Web Server Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Eus Netapp Netapp oncommand Balance Redhat Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Desktop

8.1 /10