[Metasploit] Exploit Apache Tomcat RCE Vulnerability CVE-2017-12617
CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0
Apache Tomcat 8.5.0 to 8.5.22
Apache Tomcat 8.0.0.RC1 to 8.0.46
Apache Tomcat 7.0.0 to 7.0.81
Description:
When running with HTTP PUTs enabled (e.g. via setting the readonly initialization parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Mitigation:
Users of the affected versions should apply one of the following mitigations:
– Upgrade to Apache Tomcat 9.0.1 or later
– Upgrade to Apache Tomcat 8.5.23 or later
– Upgrade to Apache Tomcat 8.0.47 or later
– Upgrade to Apache Tomcat 7.0.82 or later
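A defender-side check for the condition described above, as an added example that is not part of the original post or of Tomcat itself: it tests whether a Tomcat version is below the fixed releases listed under Mitigation and whether a web.xml sets the readonly init parameter to false on any servlet. The function names and the sample web.xml are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# First fixed release per branch, taken from the mitigation list above.
FIXED = {(9, 0): 1, (8, 5): 23, (8, 0): 47, (7, 0): 82}

# Constructed sample input: a default servlet with HTTP PUT enabled.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
  <servlet><servlet-name>jsp</servlet-name></servlet>
</web-app>"""

def is_affected_version(version):
    """True if the version is below the fixed release of its branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return fixed is not None and patch < fixed

def _local(tag):
    # Drop the XML namespace so Tomcat 7 and 8+ descriptors parse alike.
    return tag.rsplit("}", 1)[-1]

def writable_servlets(web_xml):
    """Names of servlets whose 'readonly' init-param is set to false."""
    found = []
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        name, readonly = "", "true"  # readonly defaults to true when absent
        for child in servlet:
            tag = _local(child.tag)
            if tag == "servlet-name":
                name = (child.text or "").strip()
            elif tag == "init-param":
                kv = {_local(e.tag): (e.text or "").strip() for e in child}
                if kv.get("param-name") == "readonly":
                    readonly = kv.get("param-value", "").lower()
        if readonly == "false":
            found.append(name)
    return found

def exposed(version, web_xml):
    # Both conditions from the advisory: affected version and PUT enabled.
    return is_affected_version(version) and bool(writable_servlets(web_xml))
```

Run it against `conf/web.xml` and each application's `WEB-INF/web.xml`; a servlet reported here on an unpatched version should be set back to read-only or the server upgraded.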
Exploit
- Download tomcat_jsp_upload_bypass.rb module
- Move this module to /usr/share/metasploit-framework/modules/exploit/multi/http/ directory.
- Run Metasploit and start your pentesting.