Description
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Remediation
References
http://www.securitytracker.com/id/1039392
http://www.securityfocus.com/bid/100901
https://www.exploit-db.com/exploits/42953/
https://security.netapp.com/advisory/ntap-20171018-0001/
https://github.com/breaktoprotect/CVE-2017-12615
http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
https://access.redhat.com/errata/RHSA-2018:0465
https://access.redhat.com/errata/RHSA-2018:0466
https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
https://access.redhat.com/errata/RHSA-2017:3080
https://access.redhat.com/errata/RHSA-2017:3081
https://access.redhat.com/errata/RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3114
https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Related Vulnerabilities
CVE-2023-27564 Vulnerability in npm package n8n
CVE-2021-36774 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2022-22963 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-core
CVE-2020-2258 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-jenkins-advisor