Описание
An remote code-execution vulnerability was found in Apache Tomcat. These vulnerability can be exploited remotely via a specially designed HTTP request. By exploiting these vulnerability malicious users can remotely execute arbitrary code in the context of the affected application.
Technical details
This vulnerablity only affects systems with HTTP PUTs enabled, it could be exploited to upload a malicious JSP file to a targeted server.
Первичный источник обнаружения
- Apache Tomcat 8 vulnerabilities
Apache Tomcat 8.5 vulnerabilities
Apache Tomcat 9 vulnerabilities
Apache Tomcat 7 vulnerabilities
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2017-12617 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com