VYPR
High severity · CVSS 8.1 · CISA KEV · NVD Advisory · Published Oct 4, 2017 · Updated Jun 17, 2026

CVE-2017-12617


Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
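The precondition named above is a configuration choice, so the first thing a defender wants is a check for it. The script below is an added example, not code from the page or from the Tomcat project: it parses a web.xml (Tomcat's conf/web.xml or an application's WEB-INF/web.xml) and reports whether the DefaultServlet has readonly explicitly set to false; the two embedded web.xml documents are constructed samples, and the namespace-stripping helper is an assumption made so both file styles parse alike.

```python
"""Flag a Tomcat web.xml whose DefaultServlet has readonly=false (CVE-2017-12617 precondition)."""
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    """Strip the XML namespace so conf/web.xml and WEB-INF/web.xml parse alike."""
    return tag.rsplit("}", 1)[-1]


def _text(elem, name: str):
    """Text of the first direct child whose local name is `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def default_servlet_readonly(web_xml: str) -> bool:
    """Effective 'readonly' value of the DefaultServlet declaration in this file.

    Tomcat treats a missing init-param as readonly=true (PUT/DELETE rejected), so
    only an explicit 'false' opens the upload path the advisory describes.
    """
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") != DEFAULT_SERVLET_CLASS:
            continue
        for param in servlet:
            if _local(param.tag) == "init-param" and _text(param, "param-name") == "readonly":
                return (_text(param, "param-value") or "").lower() != "false"
        return True  # DefaultServlet declared but readonly not set: Tomcat default applies
    return True  # no DefaultServlet declaration in this file


def is_put_enabled(web_xml: str) -> bool:
    """True when this web.xml would accept HTTP PUT via the DefaultServlet."""
    return not default_servlet_readonly(web_xml)


# Constructed sample: a conf/web.xml with readonly explicitly disabled (the weak setting).
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample: the shipped default, where readonly is simply not set (safe).
SAFE_WEB_XML = WEAK_WEB_XML.replace(
    "<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>", "")

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_WEB_XML), ("safe", SAFE_WEB_XML)):
        print(label, "PUT enabled" if is_put_enabled(doc) else "readonly (PUT rejected)")
```

Run it against every web.xml on the host, not only conf/web.xml, since a per-application WEB-INF/web.xml can redeclare the servlet with its own readonly value.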

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                    Ecosystem   Affected versions        Patched version
org.apache.tomcat:tomcat-catalina          Maven       >= 9.0.0.M1, < 9.0.1     9.0.1
org.apache.tomcat:tomcat-catalina          Maven       >= 8.5.0, < 8.5.23       8.5.23
org.apache.tomcat:tomcat-catalina          Maven       >= 8.0.0-RC1, < 8.0.47   8.0.47
org.apache.tomcat:tomcat-catalina          Maven       >= 7.0.0, < 7.0.82       7.0.82
org.apache.tomcat.embed:tomcat-embed-core  Maven       >= 9.0.0.M1, < 9.0.1     9.0.1
org.apache.tomcat.embed:tomcat-embed-core  Maven       >= 8.5.0, < 8.5.23       8.5.23
org.apache.tomcat.embed:tomcat-embed-core  Maven       >= 8.0.0-RC1, < 8.0.47   8.0.47
org.apache.tomcat.embed:tomcat-embed-core  Maven       >= 7.0.0, < 7.0.82       7.0.82

Affected products (166 CPE entries)
