ggenard
Staff

What is CVE-2017-12615? 

CVE-2017-12615 is a critical vulnerability in Apache Tomcat versions 7.0.0 to 7.0.79 running on Windows systems. It arises when HTTP PUT is enabled by setting the `readonly` initialization parameter of the Default servlet to `false`. With PUT enabled, a specially crafted request can upload a JSP file to the server, which then executes it, so an attacker gains unauthorized code execution on the server. The result is potential remote code execution, a serious risk to the affected system. 

 

The Importance of Securing Apache Tomcat 

Apache Tomcat serves as a cornerstone for hosting Java-based applications, playing a pivotal role in numerous IT infrastructures worldwide. Its widespread adoption underscores its importance in supporting web applications and services, making it essential for organizations to prioritize its security. 

Securing Apache Tomcat servers against vulnerabilities such as CVE-2017-12615 is paramount to mitigate the risk of exploitation by malicious actors. This vulnerability, which is exposed when the readonly parameter of the Default servlet is set to false and unauthenticated HTTP PUT requests are therefore accepted, poses a significant threat. Exploiting CVE-2017-12615 enables attackers to upload and execute malicious JSP files, potentially leading to remote code execution and compromising the integrity and confidentiality of data stored on the server. 

By implementing robust security measures, including timely patching, proper configuration management, and monitoring for anomalous activities, organizations can effectively safeguard their Apache Tomcat deployments. This proactive approach not only helps prevent attackers from leveraging vulnerabilities to execute malicious code but also strengthens overall cybersecurity posture. It ensures the continued reliability and security of Apache Tomcat servers, thereby supporting uninterrupted operations and maintaining the trust of users and stakeholders alike. 

 

How Critical is CVE-2017-12615 

CVE-2017-12615's severity is underscored by its inclusion in CISA's Known Exploited Vulnerabilities Catalog, emphasizing the urgent need for organizations to promptly address it. This vulnerability enables attackers to exploit Apache Tomcat versions 7.0.0 to 7.0.79 on Windows systems when the "readonly" parameter of the Default servlet has been set to false, allowing them to upload and execute arbitrary JSP files. This capability poses a significant security risk, potentially leading to unauthorized access, data compromise, and even remote code execution (RCE) on the affected server. Addressing CVE-2017-12615 through timely remediation, such as applying patches and implementing necessary security measures, is critical to mitigating potential threats and ensuring the integrity and security of Apache Tomcat deployments. 

 

First Step to Mitigating the Risks of CVE-2017-12615 

To mitigate CVE-2017-12615, it is advisable to upgrade to Apache Tomcat version 7.0.81 or later. These updated versions include essential patches that mitigate the vulnerability by disabling the vulnerable HTTP PUT functionality by default. It is crucial for organizations to take immediate action to update their affected systems. This proactive step helps prevent potential exploits and enhances the security of Apache Tomcat deployments, safeguarding against unauthorized JSP file uploads and potential remote code execution. 

 

FortiWeb Protection

FortiWeb provides enhanced security measures to protect web applications like those running on Apache Tomcat. Implementing FortiWeb's Web Application Firewall (WAF) can help detect and block attempts to exploit vulnerabilities such as CVE-2017-12615. FortiWeb's advanced capabilities ensure continuous monitoring and defense against emerging threats, thereby safeguarding critical applications and data. 

 

Conclusion 

The discovery of CVE-2017-12615 highlights the critical need for continuous monitoring and timely application of security patches in web application environments. Organizations using affected versions of Apache Tomcat should upgrade immediately to secure their systems against potential breaches. FortiWeb remains committed to delivering robust security solutions to protect against such vulnerabilities. 

 

For more detailed guidance on addressing CVE-2017-12615 and enhancing your security posture, refer to the official Apache Tomcat security advisories and the FortiGuard Outbreak Reference: PSIRT | FortiGuard Labs.