Wednesday, October 18, 2017

CVE-2017-12615

Wapack labs observed a recent Common Vulnerabilities and Exploit (CVE), CVE-2017-12615, being discussed in a Romanian hacker forum. A moderator on the forum posted an explanation of the exploit, a link to the National Vulnerability Database, and a GitHub link documenting how to weaponize the exploit in the Metasploit-framework. CVE-2017-12615 is assessed with a high severity rating (8.1/10) as it allows an attacker unauthorized modification to Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled. HTTP PUT places a file or resource at a specific URI, and exactly at that URI. If there is already a file or resource at that URI, PUT replaces that file or resource. If there is no file or resource there, PUT will create one. PUT is idempotent, but, paradoxically, PUT responses are not cacheable. Successful exploitation enables an attacker to upload a JSP file, request the file and execute its contents to gain remote access to the system. Wapack Labs is providing this report to Red Sky Alliance members for situation awareness. With the CVE and methods being posted in the wild, hackers may be more likely to attempt this attack. Wapack Labs recommends all Red Sky Members who use Apache Tomcat apply a security update and ask their Red Team members to test network assets to ensure the patch updated correctly...READ MORE

Wapack Labs has cataloged and reported CVEs in the past. An archive of related reporting can be found in the Red Sky Alliance portal.