Converged security and networking to securely connect any user, device, or site to any workload or application.

Versa Secure Access Fabric Versa Zero Trust Everywhere Versa Titan Versa SASE Architecture Versa AI
Security Service Edge (SSE)

Secure user access to the web, cloud services, and private applications

Versa Secure Private Access

Zero Trust Network Access (ZTNA)

Versa Secure Internet Access

Secure Web Gateway (SWG) Firewall-as-a-Service (FWaaS) Cloud Access Security Broker (CASB) Data Loss Prevention (DLP) Remote Browser Isolation (RBI)

Versa Zero Trust - Premises

Secure Networking

Software-defined networking solutions with security built-in

Versa Secure SD-WAN Versa Secure SD-NIC Versa Secure SD-LAN Versa Routing Product Component
Solution Overview Work-from-Home Solutions WAN Edge Solutions Secure SD-WAN Security Routing Lean IT Solutions
Industry Solutions Architecture Education Energy & Utilities Engineering & Construction Federal Government Financial Services Healthcare Hospitality
  Legal Manufacturing Public Sector Retail Satellite ISP Technology Transportation
SASE ROI Calculator

SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.

Try It Now
Our Customers Customer Acclaim Customer Videos Customer Support
Case Studies Top Energy Firm Global Satellite Provider Global Pharmaceutical Company Large Food Retailer National Dental Practice Global Retailer Global Financial Services Firm
  Global Credit Card Payments Company Cloud/SaaS Digital Marketing Firm McLaren Racing Limited Leading Media and Communications Service Provider Fortune 500 Financial Services Company
Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

Case Study
Partner Overview Program Summary Technology Partners Microsoft Azure Google Cloud Dell Technologies
Titan for Partners Find a Partner Become a Partner Partner Portal
 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

Read the Report
What’s New SASE ROI Calculator Analyst Reports Webinars
Videos Datasheets Solution Briefs White Papers & eBooks
Certificates Versatility 2023 Product Documentation Versa Academy
Gartner Magic Quadrant for WAN Edge Infrastructure

Gartner Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Read the Report
Company Overview Leadership Team Our Investors Awards Contact Us
News Latest News Press Releases Media Coverage Events
Careers Current Openings Life at Versa Cultural Values
Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Watch the Video
Secure Access Service Edge What are the Major SASE Components? What is Secure Web Gateway? What is ZTNA? What is CASB?
A Quick Introduction to SASE Architecture How to Adopt SASE Primary SASE Challenges Network Transformation with 5G
Why is SASE Necessary? What Kind of Company Should Use SASE? What are the Primary SASE Benefits? How Can SASE Help You and Your Organization?
Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location.

Read the Brief
What is SD-WAN? SD-WAN Tutorial SD-WAN Technology Choosing a Vendor
Hybrid WAN Cloud WAN IDS/IPS
 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

Read the Brief

The Versa Networks Blog

Research Lab

Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)

versa-staff
By Versa Staff
Versa Networks
October 18, 2017

Several Security Vulnerability have been patched in recently in Apache Tomcat. The list of fixed flaws recently addressed also included code execution vulnerabilities.
Apache Tomcat is the most widely used web application server, with over one million downloads per month and over 70% penetration in the enterprise datacenter.

The Apache Tomcat development team publicly disclosed the presence of a remote code execution vulnerability, tracked as CVE-2017-12617, affecting the popular web application server.

The Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 are affected. The vulnerability is classified as “important” severity, has been fixed in latest version.

About CVE-2017-12617

The vulnerability only affected systems that have the HTTP PUT method enabled, it could be exploited by attackers to upload a malicious JSP file to target server using specially crafted request. Once file uploaded, the code it contains could be executed by requesting the file.

About Exploit

The Apache Tomcat team confirm that all above mentioned tomcat version are vulnerable for dangerous remote code execution (RCE) vulnerability on all operating system if default servlet or WebDAV servlet is enabled with the parameter readonly set to false.

<init-param>

        <param-name>readonly</param-name>

        <param-value>false</param-value>

     </init-param>

The Exploit available publically: https://github.com/cyberheartmi9/CVE-2017-12617/

This exploit is sending special crafted HTTP put request with JSP as payload to a Tomcat server. The code is executed when the uploaded JSP is accessed via a web browser (IE, Firefox and Chrome)

Mitigation

Update Tomcat to latest version where the vulnerability is fixed.
The readonly init-param should not be set to false.


Versa Security Solutions

Versa has released the following rules to address this vulnerability. However, more rules may be added or the current rules may change depending on the additional vulnerabilities information available.

Versa Signature ID

Rule Name

1171002010

Apache Tomcat HTTP PUT Windows Remote Code Execution

Topics



Recent Posts

Versa Security Research Team
Versa Security Bulletin: Palo Alto Networks PAN-OS GlobalProtect Zero-Day Vulnerability under Active Exploitation
By Versa Security Research Team
April 19, 2024
Brad LaPorte, Gartner Veteran and Industry Expert, Lionfish Tech Advisors & Jon Taylor, Director and Principal of Security, Versa Networks
Data Defense in Depth: Unifying Data Protection and Zero Trust through SASE for Ultimate Data Protection with Versa Networks
By Brad LaPorte, Gartner Veteran and Industry Expert, Lionfish Tech Advisors & Jon Taylor, Director and Principal of Security, Versa Networks
April 17, 2024
Jon Taylor
CyberRatings.org Recommends Versa Networks as a Top Tier Next Generation Firewall for Cloud Deployments
By Jon Taylor
April 3, 2024
Versa Security Research Team
Versa Security Bulletin: ConnectWise ScreenConnect Authentication Bypass and Path-Traversal Vulnerabilities
By Versa Security Research Team
March 8, 2024
Versa Security Research Team
Versa Security Bulletin: Volt Typhoon Exploitation of N-Day and Zero-Day Vulnerabilities
By Versa Security Research Team
February 28, 2024


Top Tags


Gartner Research Report

Gartner Magic Quadrant for WAN Edge Infrastructure

Gartner Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.