Miggo Logo
Miggo Vulnerability Database
CVE-2017-12615

CVE-2017-12615:
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server

8.1

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-12615
GHSA ID
GHSA-pjfr-qf3p-3q25
EPSS Score
0.99954%
CWE
CWE-434
Published
10/17/2018
Updated
7/16/2024
KEV Status
Yes
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.tomcat.embed:tomcat-embed-coremaven>= 7.0.0, < 7.0.797.0.79

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

W**n runnin* *p**** Tom**t *.*.* to *.*.** on Win*ows wit* *TTP PUTs *n**l** (*.*. vi* s*ttin* t** r***only initi*lis*tion p*r*m*t*r o* t** ****ult to **ls*) it w*s possi*l* to uplo** * JSP *il* to t** s*rv*r vi* * sp**i*lly *r**t** r*qu*st. T*is JSP

Reasoning

No *n*lysis *v*il**l*