CVE-2017-12615: Technical Deep-Dive (Auto Refreshed)

Generated on 2026-03-31T17:24:00.590Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).

Executive Technical Summary

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

• Context preserved from previous revision: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Notes: 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Technical Details

• CVE: CVE-2017-12615
• KEV date added: 2022-03-25
• KEV due date: 2022-04-15
• NVD published: Unknown
• NVD modified: Unknown
• MITRE modified: 2025-10-21
• CVSS base score: N/A
• CVSS vector: N/A
• CVSS exploitability score: N/A
• CVSS impact score: N/A
• Attack vector: Unknown
• Attack complexity: Unknown
• Privileges required: Unknown
• User interaction: Unknown
• Scope: Unknown
• Confidentiality impact: Unknown
• Integrity impact: Unknown
• Availability impact: Unknown

Versions and Products Impacted

• Apache Software Foundation / Apache Tomcat (versions: 7.0.0 to 7.0.79)

Weakness Classification

• Remote Code Execution
• CWE-434

Repositories for Lab Validation (Public Examples)

• No public repository matched this CVE query in the current run.

People and Organizations Mentioned

• apache
• Tomcat

Practical Defensive Validation (Authorized Only)

1. Use only isolated environments and systems you own or are explicitly authorized to test.
2. Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
3. Use Apache Software Foundation / Apache Tomcat (versions: 7.0.0 to 7.0.79) in isolated VM snapshots (vulnerable vs patched) and compare process tree telemetry before/after updates.
4. Validate command-execution prevention policies (AppLocker/WDAC/EDR) with harmless test binaries only.
5. Create SIEM detections for suspicious parent-child chains, encoded command usage, and abnormal service creation.

References

• NVD record: https://nvd.nist.gov/vuln/detail/CVE-2017-12615
• MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2017-12615
• CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
• KEV notes: https://nvd.nist.gov/vuln/detail/CVE-2017-12615
• https://access.redhat.com/errata/RHSA-2017:3113
• https://access.redhat.com/errata/RHSA-2017:3080
• http://www.securitytracker.com/id/1039392
• https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E
• https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
• https://access.redhat.com/errata/RHSA-2018:0465
• http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
• https://access.redhat.com/errata/RHSA-2017:3114
• http://www.securityfocus.com/bid/100901
• https://access.redhat.com/errata/RHSA-2018:0466
• https://www.exploit-db.com/exploits/42953/
• https://security.netapp.com/advisory/ntap-20171018-0001/
• https://github.com/breaktoprotect/CVE-2017-12615
• https://access.redhat.com/errata/RHSA-2017:3081
• https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

This content is for defensive security training and authorized validation only.