CVE-2017-12615
Apache Tomcat on Windows Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
99.6%
p100
KEV
SÍ
25 mar 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
99.6%EPSS · 30 días99.6%
2026-06-302026-07-16
Producto
Apache / Tomcat
Vulnerabilidad
Apache Tomcat on Windows Remote Code Execution Vulnerability
Añadido a KEV
25 mar 2022
Remediar antes de
15 abr 2022
Uso conocido en ransomware
Sí
Descripción resumida
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2017-12615
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2017-12617—100.0%
KEV—80Apache Tomcat Remote Code Execution Vulnerability—CVE-2025-24813—100.0%
KEV—80Apache Tomcat Path Equivalence Vulnerability—CVE-2020-1938—99.9%
KEV—80Apache Tomcat Improper Privilege Management Vulnerability—CVE-2016-8735—99.8%
KEV—80Apache Tomcat Remote Code Execution Vulnerability—