Several security vulnerabilities were recently patched in Apache Tomcat. The fixed flaws include a remote code execution vulnerability.
Apache Tomcat is the most widely used web application server, with over one million downloads per month and over 70% penetration in the enterprise datacenter.
The Apache Tomcat development team publicly disclosed the presence of a remote code execution vulnerability, tracked as CVE-2017-12617, affecting the popular web application server.
Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 are affected. The vulnerability is rated "important" severity and is fixed in 9.0.1, 8.5.23, 8.0.47 and 7.0.82.
The vulnerability only affects systems that have the HTTP PUT method enabled. An attacker can exploit it to upload a malicious JSP file to the target server using a specially crafted request; once the file is uploaded, the code it contains is executed when the file is requested.
The Apache Tomcat team confirmed that all of the versions listed above are vulnerable to this remote code execution (RCE) flaw on every operating system if the Default servlet or the WebDAV servlet is enabled with the readonly initialisation parameter set to false.
A public exploit is available: https://github.com/cyberheartmi9/CVE-2017-12617/
This exploit sends a specially crafted HTTP PUT request carrying a JSP payload to a Tomcat server. The code is executed when the uploaded JSP is requested with a web browser (IE, Firefox or Chrome).
Update Tomcat to the latest release in which the vulnerability is fixed.
Do not set the readonly init-param of the Default servlet (or the WebDAV servlet) to false; leave it at its default value of true, so the server refuses PUT and DELETE requests.
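As an added example (not code from the advisory, from Versa, or from the Tomcat project), the following Python script implements the two checks a defender wants for this issue: an audit of Tomcat's conf/web.xml that reports any Default or WebDAV servlet declared with readonly=false, and a scan of access-log lines in Tomcat's "common" pattern that flags PUT requests whose normalized target ends in .jsp. The web.xml fragment, the log lines and the client addresses are constructed for illustration; the servlet class names are Tomcat's real ones.

```python
"""Offline checks for the Tomcat HTTP PUT / JSP upload weakness (CVE-2017-12617)."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed conf/web.xml fragment showing the weak setting (readonly=false).
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""
# Same fragment with the corrected setting (readonly=true, which is also Tomcat's default).
HARDENED_WEB_XML = WEAK_WEB_XML.replace("<param-value>false</param-value>",
                                        "<param-value>true</param-value>")

# Servlets that honour the readonly parameter and can write files when it is false.
WRITE_CAPABLE_SERVLETS = {
    "org.apache.catalina.servlets.DefaultServlet",
    "org.apache.catalina.servlets.WebdavServlet",
}


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def audit_default_servlet(web_xml_text):
    """Return the names of write-capable servlets declared with readonly=false.

    readonly defaults to true, so a servlet with no readonly init-param is safe.
    """
    writable = []
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet":
            continue
        name, cls, readonly = None, None, "true"
        for child in servlet:
            tag = _local(child.tag)
            if tag == "servlet-name":
                name = (child.text or "").strip()
            elif tag == "servlet-class":
                cls = (child.text or "").strip()
            elif tag == "init-param":
                pname = pvalue = ""
                for p in child:
                    if _local(p.tag) == "param-name":
                        pname = (p.text or "").strip()
                    elif _local(p.tag) == "param-value":
                        pvalue = (p.text or "").strip()
                if pname == "readonly":
                    readonly = pvalue.lower()
        if cls in WRITE_CAPABLE_SERVLETS and readonly == "false":
            writable.append(name)
    return writable


# Constructed access-log lines in Tomcat's "common" pattern: %h %l %u %t "%r" %s %b
SAMPLE_LOG = """\
10.0.0.5 - - [02/Oct/2017:10:01:11 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.9 - - [02/Oct/2017:10:02:30 +0000] "PUT /notes.txt HTTP/1.1" 201 -
10.0.0.9 - - [02/Oct/2017:10:02:31 +0000] "PUT /shell.jsp/ HTTP/1.1" 201 -
10.0.0.9 - - [02/Oct/2017:10:02:32 +0000] "PUT /backup/cmd.JSP%20 HTTP/1.1" 201 -
10.0.0.9 - - [02/Oct/2017:10:02:40 +0000] "GET /shell.jsp?cmd=id HTTP/1.1" 200 512
10.0.0.9 - - [02/Oct/2017:10:03:00 +0000] "PUT /shell.jsp HTTP/1.1" 405 -
"""

REQUEST_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(target):
    """Drop the query string, percent-decode, and strip trailing slashes and
    whitespace that a crafted request may append to disguise the .jsp extension."""
    path = unquote(target.split("?", 1)[0])
    return path.rstrip("/ \t").lower()


def find_jsp_put_uploads(log_text):
    """Return (client, raw target, status) for every PUT whose normalized path ends in .jsp.

    A 2xx status means the server accepted the upload; 403/405 means it was refused,
    which is the expected outcome on a patched server or with readonly=true.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or m.group("method") != "PUT":
            continue
        if normalize_path(m.group("target")).endswith(".jsp"):
            hits.append((m.group("host"), m.group("target"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    print("writable servlets (weak config):", audit_default_servlet(WEAK_WEB_XML))
    print("writable servlets (hardened):   ", audit_default_servlet(HARDENED_WEB_XML))
    for client, target, status in find_jsp_put_uploads(SAMPLE_LOG):
        verdict = "ACCEPTED" if 200 <= status < 300 else "refused"
        print(f"{client} PUT {target} -> {status} ({verdict})")
```

Run the audit against every conf/web.xml and per-application WEB-INF/web.xml on a host, since an application can override the global Default servlet settings. In the log scan, an accepted PUT of a JSP followed by a GET of the same path from the same client is the sequence to investigate first.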
Versa Security Solutions
Versa has released the following rule to address this vulnerability. More rules may be added, or the current rule may change, as additional information about the vulnerability becomes available.
Versa Signature ID
Apache Tomcat HTTP PUT Windows Remote Code Execution
Versa Networks, VOS, and Versa Titan are or may be registered trademarks of Versa Networks, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.
Versa Networks, the leader in SASE, combines extensive security, advanced networking, full-featured SD-WAN, genuine multitenancy, and sophisticated analytics via the cloud, on-premises, or as a blended combination of both to meet SASE requirements for small to extremely large enterprises and Service Providers. Versa SASE is available on-premises, hosted through Versa-powered Service Providers, cloud-delivered, and via the simplified Versa Titan cloud service designed for Lean IT. Thousands of customers globally with hundreds of thousands of sites trust Versa with their networks, security, and clouds. Versa Networks is privately held and funded by Sequoia Capital, Mayfield, Artis Ventures, Verizon Ventures, Comcast Ventures, Liberty Global Ventures, Princeville Global Fund and RPS Ventures.