Known Exploited Vulnerability
8.1
HIGH
CVE-2017-12615
Apache Tomcat on Windows Remote Code Execution Vul - [Actively Exploited]
Description

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

INFO

Published Date :

Sept. 19, 2017, 1:29 p.m.

Last Modified :

Jan. 23, 2025, 3:34 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.2
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Required Action :

Apply updates per vendor instructions.

Notes :

https://nvd.nist.gov/vuln/detail/CVE-2017-12615

Public PoC/Exploit Available at Github

CVE-2017-12615 has a 97 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2017-12615 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Redhat enterprise_linux_desktop
2 Redhat enterprise_linux_server
3 Redhat enterprise_linux_workstation
4 Redhat enterprise_linux_server_aus
5 Redhat enterprise_linux_server_tus
6 Redhat enterprise_linux_eus
7 Redhat jboss_enterprise_web_server
8 Redhat enterprise_linux_for_ibm_z_systems_eus
9 Redhat enterprise_linux_for_power_big_endian_eus
10 Redhat enterprise_linux_for_power_little_endian
11 Redhat enterprise_linux_for_power_little_endian_eus
12 Redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
13 Redhat enterprise_linux_for_ibm_z_systems
14 Redhat enterprise_linux_for_power_big_endian
15 Redhat enterprise_linux_for_scientific_computing
16 Redhat enterprise_linux_eus_compute_node
17 Redhat enterprise_linux_server_update_services_for_sap_solutions
18 Redhat jboss_enterprise_web_server_text-only_advisories
1 Netapp oncommand_balance
2 Netapp oncommand_shift
3 Netapp 7-mode_transition_tool
1 Apache tomcat
1 Microsoft windows
: Total Affected Vendor : 4 | Products : 23
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-12615.

URL Resource
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html Exploit
http://www.securityfocus.com/bid/100901 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039392 Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3080 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3081 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0465 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0466 Third Party Advisory
https://github.com/breaktoprotect/CVE-2017-12615 Exploit Third Party Advisory
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://security.netapp.com/advisory/ntap-20171018-0001/ Third Party Advisory
https://www.exploit-db.com/exploits/42953/ Third Party Advisory VDB Entry
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat Third Party Advisory
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html Exploit
http://www.securityfocus.com/bid/100901 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039392 Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3080 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3081 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0465 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0466 Third Party Advisory
https://github.com/breaktoprotect/CVE-2017-12615 Exploit Third Party Advisory
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E Mailing List Patch
https://security.netapp.com/advisory/ntap-20171018-0001/ Third Party Advisory
https://www.exploit-db.com/exploits/42953/ Third Party Advisory VDB Entry
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
ranhn/Goby-Poc

此次更新共包含1314个自定义gobypoc,是否含有后门和重复自行判断,如果无红队版,可直接poc管理处导入自定义poc即可,共计1314个。

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Jan. 8, 2025, 6:20 a.m. This repo has been linked 40 different CVEs too.
Profile Photo
ZapcoMan/TomcatScan

Tomcat 弱密码检测 与漏洞利用

Python

Updated: 1 week, 5 days ago
4 stars 0 fork 0 watcher
Born at : Jan. 3, 2025, 6:01 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
csbysj/Z5yUkptp

基于Docker-Compose的预构建漏洞环境设计源码 Docker-Compose 漏洞环境 Java Python Shell 该项目是一套基于Docker-Compose的预构建漏洞环境设计源码,涵盖了1684个文件,其中包括405个PNG图像文件、319个Markdown文档、218个YAML配置文件、68个Java源文件、67个Python脚本、62个Shell脚本、53个XML文件、34个PHP文件以及多个Dockerfile。该环境集成了Java, Python, Shell, PHP, HTML, JavaScript, CSS, Ruby等多种编程语言,旨在为安全研究提供易用的漏洞测试平台。

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Nov. 29, 2024, 4:05 a.m. This repo has been linked 127 different CVEs too.
Profile Photo
wudidwo/CVE-2017-12615-poc

None

Python

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 19, 2024, 11:47 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
XiaomingX/awesome-poc-for-red-team

A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities

attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc

Updated: 2 weeks ago
5 stars 2 fork 2 watcher
Born at : Nov. 17, 2024, 11:53 a.m. This repo has been linked 414 different CVEs too.
Profile Photo
J1ezds/Vulnerability-Wiki-page

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目

HTML

Updated: 3 weeks, 1 day ago
1 stars 0 fork 0 watcher
Born at : Sept. 20, 2024, 3:27 a.m. This repo has been linked 214 different CVEs too.
Profile Photo
Duoduo-chino/ssrf-vul-for-new

ssrf-vul-for-new

Dockerfile PHP CSS Roff JavaScript HTML Twig Hack Shell PLpgSQL

Updated: 3 months, 1 week ago
3 stars 0 fork 0 watcher
Born at : Sept. 18, 2024, 9:41 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
lizhianyuguangming/TomcatScanPro

tomcat自动化漏洞扫描利用工具,支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

hacker hackertools penetration-testing-tools scan scanner-web tomcat tools

Python

Updated: 1 week, 4 days ago
183 stars 16 fork 16 watcher
Born at : Aug. 29, 2024, 6:38 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
4ra1n/poc-runner

Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | 基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎 | 基于 ANTLR 实现语法分析和完整的 XRAY YAML 规则实现 | 简单的启动参数 | 包含多种反连可用 | 可执行文件体积仅 2 MB

poc security vulnerability vulnerability-detection vulnerability-scanner web-security web-vulnerability-scanner

Batchfile Go ANTLR

Updated: 3 weeks ago
150 stars 17 fork 17 watcher
Born at : Aug. 26, 2024, 11:11 a.m. This repo has been linked 23 different CVEs too.
Profile Photo
kaizer168/Security-03-04

None

Updated: 5 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Aug. 26, 2024, 12:21 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
qiuluo-oss/Tiger

Tiger是一款在攻防演练中对目标资产重点系统指纹识别、精准漏扫的工具。是一款打点神器。

Updated: 2 weeks, 1 day ago
116 stars 7 fork 7 watcher
Born at : Aug. 18, 2024, 7:19 a.m. This repo has been linked 29 different CVEs too.
Profile Photo
ViP-staff-007/YongHuiCloud

永辉云

Updated: 6 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 22, 2024, 8:29 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
onewinner/VulToolsKit

红队武器库漏洞利用工具合集整理

HTML

Updated: 1 week, 4 days ago
436 stars 64 fork 64 watcher
Born at : June 27, 2024, 9:28 a.m. This repo has been linked 54 different CVEs too.
Profile Photo
q99266/saury-vulnhub

日积月累 漏洞库

Updated: 9 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : April 21, 2024, 5:03 a.m. This repo has been linked 28 different CVEs too.
Profile Photo
K3ysTr0K3R/CVE-2017-12615-EXPLOIT

None

Python

Updated: 10 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : March 18, 2024, 4:12 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-12615 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-12615 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Jan. 23, 2025

    Action Type Old Value New Value
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
    Added Reference http://www.securityfocus.com/bid/100901
    Added Reference http://www.securitytracker.com/id/1039392
    Added Reference https://access.redhat.com/errata/RHSA-2017:3080
    Added Reference https://access.redhat.com/errata/RHSA-2017:3081
    Added Reference https://access.redhat.com/errata/RHSA-2017:3113
    Added Reference https://access.redhat.com/errata/RHSA-2017:3114
    Added Reference https://access.redhat.com/errata/RHSA-2018:0465
    Added Reference https://access.redhat.com/errata/RHSA-2018:0466
    Added Reference https://github.com/breaktoprotect/CVE-2017-12615
    Added Reference https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
    Added Reference https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
    Added Reference https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
    Added Reference https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E
    Added Reference https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
    Added Reference https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
    Added Reference https://security.netapp.com/advisory/ntap-20171018-0001/
    Added Reference https://www.exploit-db.com/exploits/42953/
    Added Reference https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
  • Modified Analysis by [email protected]

    Jul. 16, 2024

    Action Type Old Value New Value
    Removed CVSS V3 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html No Types Assigned http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html Exploit
    Changed Reference Type http://www.securityfocus.com/bid/100901 Third Party Advisory, VDB Entry http://www.securityfocus.com/bid/100901 Broken Link, Third Party Advisory, VDB Entry
    Changed Reference Type http://www.securitytracker.com/id/1039392 Third Party Advisory, VDB Entry http://www.securitytracker.com/id/1039392 Broken Link, Third Party Advisory, VDB Entry
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:3080 No Types Assigned https://access.redhat.com/errata/RHSA-2017:3080 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:3081 No Types Assigned https://access.redhat.com/errata/RHSA-2017:3081 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:3113 No Types Assigned https://access.redhat.com/errata/RHSA-2017:3113 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2017:3114 No Types Assigned https://access.redhat.com/errata/RHSA-2017:3114 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2018:0465 No Types Assigned https://access.redhat.com/errata/RHSA-2018:0465 Third Party Advisory
    Changed Reference Type https://access.redhat.com/errata/RHSA-2018:0466 No Types Assigned https://access.redhat.com/errata/RHSA-2018:0466 Third Party Advisory
    Changed Reference Type https://github.com/breaktoprotect/CVE-2017-12615 No Types Assigned https://github.com/breaktoprotect/CVE-2017-12615 Exploit, Third Party Advisory
    Changed Reference Type https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E Mailing List, Patch
    Changed Reference Type https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E Mailing List, Patch
    Changed Reference Type https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E Mailing List, Patch
    Changed Reference Type https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E Issue Tracking, Mailing List
    Changed Reference Type https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E Mailing List
    Changed Reference Type https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E Mailing List, Patch
    Changed Reference Type https://security.netapp.com/advisory/ntap-20171018-0001/ No Types Assigned https://security.netapp.com/advisory/ntap-20171018-0001/ Third Party Advisory
    Changed Reference Type https://www.exploit-db.com/exploits/42953/ No Types Assigned https://www.exploit-db.com/exploits/42953/ Third Party Advisory, VDB Entry
    Changed Reference Type https://www.synology.com/support/security/Synology_SA_17_54_Tomcat No Types Assigned https://www.synology.com/support/security/Synology_SA_17_54_Tomcat Third Party Advisory
    Changed CPE Configuration AND OR *cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:* OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* AND OR *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.79 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* *cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* *cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference Apache Software Foundation https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E [No types assigned]
    Added Reference Apache Software Foundation https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E [No types assigned]
    Added Reference Apache Software Foundation https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E [No types assigned]
    Added Reference Apache Software Foundation https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E [No types assigned]
    Added Reference Apache Software Foundation https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E [No types assigned]
    Added Reference Apache Software Foundation https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E [No types assigned]
    Removed Reference Apache Software Foundation https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
    Removed Reference Apache Software Foundation https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
    Removed Reference Apache Software Foundation https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
    Removed Reference Apache Software Foundation https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
    Removed Reference Apache Software Foundation https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
    Removed Reference Apache Software Foundation https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
  • CVE Modified by [email protected]

    Feb. 13, 2020

    Action Type Old Value New Value
    Added Reference https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E [No Types Assigned]
  • CVE Modified by [email protected]

    Jan. 31, 2020

    Action Type Old Value New Value
    Added Reference https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E [No Types Assigned]
  • CVE Modified by [email protected]

    Apr. 15, 2019

    Action Type Old Value New Value
    Added Reference https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E [No Types Assigned]
  • CVE Modified by [email protected]

    Apr. 15, 2019

    Action Type Old Value New Value
    Added Reference https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 25, 2019

    Action Type Old Value New Value
    Added Reference https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 09, 2018

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2018:0466 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2018:0465 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 30, 2017

    Action Type Old Value New Value
    Added Reference https://www.synology.com/support/security/Synology_SA_17_54_Tomcat [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 02, 2017

    Action Type Old Value New Value
    Added Reference https://access.redhat.com/errata/RHSA-2017:3114 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2017:3113 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2017:3081 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2017:3080 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 11, 2017

    Action Type Old Value New Value
    Added Reference https://github.com/breaktoprotect/CVE-2017-12615 [No Types Assigned]
    Added Reference http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 10, 2017

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20171018-0001/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 05, 2017

    Action Type Old Value New Value
    Added Reference https://www.exploit-db.com/exploits/42953/ [No Types Assigned]
  • Initial Analysis by [email protected]

    Sep. 29, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
    Added CVSS V3 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://www.securityfocus.com/bid/100901 No Types Assigned http://www.securityfocus.com/bid/100901 Third Party Advisory, VDB Entry
    Changed Reference Type https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E No Types Assigned https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E Issue Tracking, Mailing List, Vendor Advisory
    Changed Reference Type http://www.securitytracker.com/id/1039392 No Types Assigned http://www.securitytracker.com/id/1039392 Third Party Advisory, VDB Entry
    Added CWE CWE-434
    Added CPE Configuration AND OR *cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:* OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Sep. 22, 2017

    Action Type Old Value New Value
    Added Reference http://www.securitytracker.com/id/1039392 [No Types Assigned]
    Added Reference http://www.securityfocus.com/bid/100901 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2017-12615 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2017-12615 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

96.55 }} -0.65%

score

0.99739

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: