CVE-2017-12617 in Retail Convenienceinfo

Summary

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

08/07/2017

Disclosure

10/03/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
121837	Oracle Retail Convenience/Fuel POS Software OPT Server unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
121695	Oracle FMW Platform Common Components unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
116794	Oracle Retail Order Broker Upgrade Install unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
116686	Oracle WebCenter Sites Advanced UI unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
116684	Oracle Management Pack for GoldenGate Monitor unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
116636	Oracle Financial Services Analytical Applications Infrastructure unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
116601	Oracle Instantis EnterpriseTrack Web Server unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112162	Oracle Transportation Management Install unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112161	Oracle Agile PLM Apache Tomcat unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112136	Oracle MICROS Retail XBRi Loss Prevention Apache Tomcat unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112088	Oracle MySQL Enterprise Monitor Monitoring unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112045	Oracle Hospitality Guest Access Apache Tomcat unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112038	Oracle Health Sciences Empirica Inspections Apache Tomcat unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112020	Oracle Tuxedo System/Applications Monitor tsam-General unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
112019	Oracle Endeca Information Discovery Integrator Apache Tomcat unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
111950	Oracle Database Apache Tomcat unrestricted upload	434	Attacked	Official fix	CVE-2017-12617
107411	Apache Tomcat JSP File unrestricted upload	434	Attacked	Official fix	CVE-2017-12617

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!