Versa Blog

Research Lab

Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)

versa-staff
By Versa Staff
Versa Networks
October 18, 2017

Several Security Vulnerability have been patched in recently in Apache Tomcat. The list of fixed flaws recently addressed also included code execution vulnerabilities.
Apache Tomcat is the most widely used web application server, with over one million downloads per month and over 70% penetration in the enterprise datacenter.

The Apache Tomcat development team publicly disclosed the presence of a remote code execution vulnerability, tracked as CVE-2017-12617, affecting the popular web application server.

The Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 are affected. The vulnerability is classified as “important” severity, has been fixed in latest version.

About CVE-2017-12617

The vulnerability only affected systems that have the HTTP PUT method enabled, it could be exploited by attackers to upload a malicious JSP file to target server using specially crafted request. Once file uploaded, the code it contains could be executed by requesting the file.

About Exploit

The Apache Tomcat team confirm that all above mentioned tomcat version are vulnerable for dangerous remote code execution (RCE) vulnerability on all operating system if default servlet or WebDAV servlet is enabled with the parameter readonly set to false.

<init-param>

        <param-name>readonly</param-name>

        <param-value>false</param-value>

     </init-param>

The Exploit available publically: https://github.com/cyberheartmi9/CVE-2017-12617/

This exploit is sending special crafted HTTP put request with JSP as payload to a Tomcat server. The code is executed when the uploaded JSP is accessed via a web browser (IE, Firefox and Chrome)

Mitigation

Update Tomcat to latest version where the vulnerability is fixed.
The readonly init-param should not be set to false.


Versa Security Solutions

Versa has released the following rules to address this vulnerability. However, more rules may be added or the current rules may change depending on the additional vulnerabilities information available.

Versa Signature ID

Rule Name

1171002010

Apache Tomcat HTTP PUT Windows Remote Code Execution

Recent Posts

Rahul Mehta
Securing the Open Source Supply Chain: A Network-Centric Approach
By Rahul Mehta
April 15, 2025
Dan Maier
Versatility 2025: Charting the Path to the AI-Native Enterprise
By Dan Maier
April 14, 2025
Dhiraj Sehgal
How to Secure Private Applications with a Visibility-First ZTNA Approach
By Dhiraj Sehgal
April 10, 2025
Sambuj Dhara
Does Identity Security Play a Role in SASE?
By Sambuj Dhara
March 27, 2025
Kevin Sheu
Six Ways Agentic AI Will Transform Networking and Security
By Kevin Sheu
March 24, 2025


Topics



Top Tags

5G NetworkAccoladesAdvanced Threat ProtectionAIApplianceAWSbranch officesCASBCloud deploymentsCloud migrationCloud securityCloud-hosted WorkloadsComplianceCOVID-19cyber securitydata breachesdata securityDeep Packet InspectionDIADigital TransformationDLPGartnerHTTPIdentityInternet of ThingsIoTIPSecLTEMachine LearningMalwareMicro-SegmentationMicrosoftModern NetworkModern Secure NetworkMPLSMulti-TenancyNext Generation FirewallPartner ProgramPatch TuesdayRansomewareSASESD-WANSD-WAN ArchitectureSDWANSecure Internet AccessSecure Remote AccessSecuritySecurity BulletinSolarwindsSSESWGTCP OptimizationThreat DetectionTraffic SteeringTrainingUnified SASEUS-CERTVersaVersa SASEVersa Secure SD-WANVersa TitanVersatility ConferenceVPN AlternativeWAN EdgewebinarWFHWork From HomeZero TrustZero Trust EverywhereZero Trust Network Access (ZTNA)ZTNA vs VPN

Gartner Research Report

2024 Gartner® Magic QuadrantTM for SD-WAN

For the fifth year in a row, Versa has been positioned as a Leader in the Gartner Magic Quadrant for SD-WAN. We are one of only three recognized vendors to be in the Gartner Magic Quadrant reports for SD-WAN, Single-Vendor SASE, and Security Service Edge.