suse · CVE-2017-12617

Quick triage

Priority: medium Published: 2021-05-30 14:00:00 UTC Updated: 2026-04-17 16:01:10 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-12617 severity moderate: SUSE including 347 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 552 product×package rows across 40 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (40 product lines)): Known Affected 231, Fixed 203, Known Not Affected 118.

Description:

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

cvelogic Threat Intelligence