{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T23:58:15.096","vulnerabilities":[{"cve":{"id":"CVE-2017-12615","sourceIdentifier":"security@apache.org","published":"2017-09-19T13:29:00.190","lastModified":"2026-04-21T17:04:04.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."},{"lang":"es","value":"Cuando se ejecuta Apache Tomcat en sus versiones 7.0.0 a 7.0.79 en Windows con HTTP PUT habilitado (por ejemplo, estableciendo el parámetro de inicialización de solo lectura del Default en \"false\") fue posible subir un archivo JSP al servidor mediante una petición especialmente manipulada. Este archivo JSP podría ser solicitado y cualquier código que contenga podría ser ejecutado por el servidor."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-03-25","cisaActionDue":"2022-04-15","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Apache Tomcat on Windows Remote Code Execution Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.79","matchCriteriaId":"0A3F5425-BA5F-411C-BA1D-FFC3D2EBF93D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF6650C-558D-45C8-AE7D-136EE70CB6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","matchCriteriaId":"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*","matchCriteriaId":"3BD81527-A341-42C3-9AB9-880D3DB04B08"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*","matchCriteriaId":"E3A36AEE-5842-4876-9C2F-E703C981C992"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*","matchCriteriaId":"CB70A2F8-EAB3-4898-9353-F679FF721C82"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*","matchCriteriaId":"EB3AC848-C2D0-4878-8619-F5815173555D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"681173DF-537E-4A64-8FC7-75F439CCAD0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8E2F2F98-DB90-43F6-8F28-3656207B6188"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*","matchCriteriaId":"08E5BFFC-F3E0-43E6-BA40-81B2A8B7CC01"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*","matchCriteriaId":"46DD0CA2-3786-4E97-A60C-5043FDDBCB86"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*","matchCriteriaId":"55E4609A-C986-4041-A528-1B4B37E1F6F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*","matchCriteriaId":"92BDD126-A468-47D9-A468-6E229D75939D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*","matchCriteriaId":"6DAA8C42-870A-42B4-AE9F-7C67F4122ED3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"2148300C-ECBD-4ED5-A164-79629859DD43"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*","matchCriteriaId":"B908AEF5-67CE-42D4-961D-C0E7ADB78ADD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*","matchCriteriaId":"0F8EB695-5EA3-46D2-941E-D7F01AB99A48"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*","matchCriteriaId":"1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*","matchCriteriaId":"8BCF87FD-9358-42A5-9917-25DF0180A5A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*","matchCriteriaId":"9B8B2E32-B838-4E51-BAA2-764089D2A684"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*","matchCriteriaId":"4319B943-7B19-468D-A160-5895F7F997A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*","matchCriteriaId":"39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*","matchCriteriaId":"8036E2AE-4E44-4FA5-AFFB-A3724BFDD654"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"7A584AAA-A14F-4C64-8FED-675DC36F69A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E9A24D0C-604D-4421-AFA6-5D541DA2E94D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"3A2E3637-B6A6-4DA9-8B0A-E91F22130A45"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"F81F859C-DA89-4D1E-91D3-A000AD646203"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"418488A5-2912-406C-9337-B8E85D0C2B57"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","matchCriteriaId":"37CE1DC7-72C5-483C-8921-0B462C8284D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"A70DB420-5485-4820-9F1C-3F78A6219984"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"D9942F96-A8C1-4281-82C5-BB9D9C50A6CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"5325286E-F11D-4713-B666-5D7A4F65B326"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"CC6A25CB-907A-4D05-8460-A2488938A8BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D5F7E11E-FB34-4467-8919-2B6BEAABF665"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html","source":"security@apache.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/100901","source":"security@apache.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039392","source":"security@apache.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3080","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3081","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3113","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3114","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0465","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0466","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://github.com/breaktoprotect/CVE-2017-12615","source":"security@apache.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Patch"]},{"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Patch"]},{"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Patch"]},{"url":"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","source":"security@apache.org","tags":["Mailing List"]},{"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Patch"]},{"url":"https://security.netapp.com/advisory/ntap-20171018-0001/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/42953/","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/100901","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039392","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3080","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3081","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3114","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0465","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0466","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/breaktoprotect/CVE-2017-12615","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://security.netapp.com/advisory/ntap-20171018-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/42953/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}