Code execution vulnerability (CVE-2017-12617) has been patched in Apache Tomcat


The Apache Tomcat team has disclosed that all versions of Tomcat before 9.0.1 (Beta), 8.5.23, 8.0.47 and 7.0.82 contain a potentially critical remote code execution (RCE) flaw on all operating systems when the default servlet is configured with its readonly initialisation parameter set to false, or the WebDAV servlet is enabled with readonly set to false. Either setting enables HTTP PUT, which is what the attack needs; Tomcat ships with readonly set to true.
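As an added example (not code from the article or from the Tomcat project), the following Python script shows the weak setting beside the corrected one and audits a web.xml for it: it flags a default or WebDAV servlet whose readonly init-param is false, and checks a Tomcat version string against the fixed releases listed above. The web.xml fragment is constructed for this example; the servlet class names, the readonly parameter and its default of true are Tomcat's own.

```python
"""Audit helpers for the CVE-2017-12617 precondition: a default or WebDAV
servlet with readonly=false, on a Tomcat build older than the fixed release.
Added example; not code from the article or from Apache Tomcat."""
import re
import xml.etree.ElementTree as ET

# Servlets whose "readonly" init-param decides whether HTTP PUT/DELETE are honoured.
WRITABLE_SERVLET_CLASSES = {
    "org.apache.catalina.servlets.DefaultServlet",
    "org.apache.catalina.servlets.WebdavServlet",
}

# First fixed release per branch, per the Apache Tomcat advisory.
FIXED_VERSIONS = {
    (9, 0): (9, 0, 1),
    (8, 5): (8, 5, 23),
    (8, 0): (8, 0, 47),
    (7, 0): (7, 0, 82),
}

# Constructed conf/web.xml fragment with the weak setting (readonly=false).
WEAK_WEB_XML = """\
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# The corrected fragment: readonly=true (Tomcat's default) rejects PUT/DELETE.
SAFE_WEB_XML = WEAK_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>"
)


def _local(tag):
    """Strip an XML namespace from a tag ({ns}name -> name)."""
    return tag.rsplit("}", 1)[-1]


def _text(elem):
    return (elem.text or "").strip()


def writable_servlets(web_xml):
    """Return the names of default/WebDAV servlets configured with readonly=false."""
    found = []
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = cls = None
        readonly = "true"  # Tomcat's default when the param is absent
        for child in servlet:
            tag = _local(child.tag)
            if tag == "servlet-name":
                name = _text(child)
            elif tag == "servlet-class":
                cls = _text(child)
            elif tag == "init-param":
                params = {_local(p.tag): _text(p) for p in child}
                if params.get("param-name") == "readonly":
                    readonly = params.get("param-value", "").lower()
        if cls in WRITABLE_SERVLET_CLASSES and readonly == "false":
            found.append(name)
    return found


def is_vulnerable_version(version):
    """True if `version` is on an affected branch and older than the fix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch = (int(x) for x in m.groups())
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return False  # branch not listed in the advisory
    return (major, minor, patch) < fixed


if __name__ == "__main__":
    for label, xml in (("weak", WEAK_WEB_XML), ("safe", SAFE_WEB_XML)):
        print(label, "writable servlets:", writable_servlets(xml))
    for v in ("8.5.22", "8.5.23", "9.0.0.M26", "7.0.82"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed/unaffected")
```

Run it against the global conf/web.xml and against each webapp's WEB-INF/web.xml, since an application can override the default servlet's parameters; a version older than the fix with no writable servlet is still worth patching, but is not exposed to this particular flaw.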

To exploit this flaw, an attacker uploads a specially crafted JSP file to a server running an affected version of Apache Tomcat with writes enabled as above. When that file is later requested by any HTTP client (e.g. a web browser), the server compiles and executes the code it contains. Unless the write-enabled servlet has been placed behind a security constraint, the upload requires no credentials.

According to Peter Stöckli of Alphabot Security:
This configuration would allow any unauthenticated user to upload files (as used in WebDAV). It was discovered that the filter that prevents the uploading of JavaServer Pages (.jsp) can be circumvented. So JSPs can be uploaded, which then can be executed on the server. Now, since this feature is typically not wanted, most publicly exposed systems won't have readonly set to false and are thus not affected.

Users should install the updated releases as soon as possible. Until then, set readonly back to true (or remove the WebDAV servlet mapping) wherever HTTP writes are not actually needed, restrict network access to the affected servers to trusted users, and monitor those servers for unexpected PUT requests and newly created .jsp files.
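To support the monitoring advice above, here is an added Python example (not from the article or from the Tomcat project) that scans Tomcat access-log lines in the default "common" pattern for the two-step sequence the article describes: a PUT (or other WebDAV write) that creates a .jsp resource, followed by a request for that resource. The log lines are constructed for this example; the hosts, paths and status codes are illustrative.

```python
"""Scan Tomcat access-log lines for the CVE-2017-12617 pattern: a WebDAV write
that creates a .jsp resource, followed by a request that runs it.
Added example; not code from the article or from Apache Tomcat."""
import re
from collections import defaultdict

# Tomcat's "common" AccessLogValve pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

WRITE_METHODS = {"PUT", "MOVE", "COPY"}  # WebDAV verbs that can create a file

# Constructed log lines; hosts, paths and status codes are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Sep/2017:10:12:01 +0000] "OPTIONS / HTTP/1.1" 200 -
203.0.113.7 - - [28/Sep/2017:10:12:03 +0000] "PUT /cmd.jsp HTTP/1.1" 405 -
192.0.2.10 - - [28/Sep/2017:10:12:04 +0000] "PUT /docs/notes.txt HTTP/1.1" 201 -
203.0.113.7 - - [28/Sep/2017:10:12:05 +0000] "PUT /uploads/cmd.jsp HTTP/1.1" 201 -
203.0.113.7 - - [28/Sep/2017:10:12:09 +0000] "GET /uploads/cmd.jsp?cmd=id HTTP/1.1" 200 512
198.51.100.2 - - [28/Sep/2017:10:12:11 +0000] "GET /index.jsp HTTP/1.1" 200 2048
"""


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def jsp_key(target):
    """Canonical key for a request target that names a JSP: the lower-cased
    path up to and including '.jsp', query string dropped. Anything after the
    extension is ignored so that differently spelled targets for the same
    file are grouped together. Returns None for non-JSP targets."""
    path = target.split("?", 1)[0].lower()
    idx = path.find(".jsp")
    return path[: idx + 4] if idx != -1 else None


def detect(lines):
    """Return (severity, message) findings in log order."""
    findings = []
    writers = defaultdict(list)  # jsp key -> hosts that successfully wrote it
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = jsp_key(rec["target"])
        if key is None:
            continue
        status = int(rec["status"])
        ok = 200 <= status < 300
        if rec["method"] in WRITE_METHODS:
            if ok:
                writers[key].append(rec["host"])
                findings.append(("high", f"{rec['host']} wrote {key} via {rec['method']} ({status})"))
            else:
                findings.append(("medium", f"{rec['host']} attempted {rec['method']} on {key} ({status})"))
        elif ok and key in writers:
            findings.append(("critical",
                             f"{rec['host']} requested uploaded JSP {key} "
                             f"(written by {writers[key][0]})"))
    return findings


if __name__ == "__main__":
    for severity, msg in detect(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {msg}")
```

A rejected write (405 in the sample) is reported as an attempt, a successful write of a .jsp as high, and any later successful request for the same key as critical; on a server that legitimately serves WebDAV, the benign PUT of a non-JSP file produces no finding. If the access log uses the "combined" pattern, extend LOG_RE with the trailing referer and user-agent fields.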

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
