CVE-2017-12615 - Apache Tomcat on Windows Remote Code Execution Vulnerability
Project:Apache
Product:Tomcat
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
Apache Tomcat on Windows Remote Code Execution Vulnerability
Description
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-12615