CVE-2017-12615

This exploit demonstrates a bypass for CVE-2017-12615 by uploading a JSP file via a crafted HTTP PUT request to Apache Tomcat, achieving remote code execution. The PoC leverages misconfigured readonly settings in the Default servlet.

This repository contains a Python-based exploit tool for Tomcat vulnerabilities, including CVE-2017-12615 and CNVD-2020-10487, with features for weak credential brute-forcing, WAR file deployment, and remote code execution via JSP shells.

This repository contains a Java-based tool for exploiting multiple Tomcat vulnerabilities, including CVE-2017-12615 (PUT method file upload). It includes both a GUI and command-line interface for testing and exploiting vulnerabilities such as file upload, weak authentication, and AJP file read/inclusion.

This PoC demonstrates a file upload vulnerability in Apache Tomcat 7.0.0 to 7.0.79 on Windows, allowing remote code execution by bypassing file extension checks via a trailing '/' in the filename. The exploit uses the PUT method to upload a JSP file, which can then be executed on the server.

This is a GUI-based exploit tool for CVE-2017-12615, which allows arbitrary file upload via HTTP PUT method in Apache Tomcat. It includes functionality for vulnerability detection, command execution, and webshell upload.

This PoC exploits CVE-2017-12615, a file extension bypass vulnerability in Apache Tomcat 7.0.0-7.0.79, allowing arbitrary JSP file upload via PUT requests. It uploads a JSP file to the target server and executes it, demonstrating remote code execution (RCE) on Windows systems with PUT method enabled.

This PoC exploits CVE-2017-12615 (Tomcat PUT method RCE) by uploading a malicious JSP file containing a command execution payload. The script checks if the target is vulnerable before attempting exploitation.

This PoC exploits CVE-2017-12615, a vulnerability in Apache Tomcat 7.0.0-7.0.79 where misconfigured PUT method access allows arbitrary JSP file upload and remote command execution. The script uploads a malicious JSP payload and provides an interactive shell.

This PoC exploits CVE-2017-12615, a PUT method vulnerability in Apache Tomcat, to upload a malicious JSP file. The JSP file allows remote command execution via a password-protected parameter.

This Perl script exploits CVE-2017-12615 and CVE-2017-12617 by uploading a JSP payload via a malformed PUT request to Apache Tomcat servers, bypassing restrictions to achieve remote code execution.

This Go-based exploit targets CVE-2017-12615, a PUT method vulnerability in Apache Tomcat. It uploads a JSP webshell with command execution capabilities, accessible via a password-protected parameter.

The repository contains only a README file with the CVE identifier and no exploit code or technical details. It is not a functional PoC.

This repository contains a Java-based exploit for CVE-2017-12615, a remote code execution vulnerability in Apache Tomcat. The exploit allows an attacker to execute arbitrary commands on vulnerable Tomcat servers by leveraging a file upload vulnerability in the PUT method.

This repository provides a functional lab environment for CVE-2017-12615, demonstrating RCE via JSP upload in Apache Tomcat 7.0.79 with misconfigured `readonly=false`. It includes a Dockerized setup and step-by-step exploitation instructions.

This PoC demonstrates a PUT-based arbitrary file upload vulnerability in Apache Tomcat (CVE-2017-12615). The curl command uploads a JSP file to a vulnerable Tomcat server, enabling remote code execution.

This PoC exploits CVE-2017-12615 in Apache Tomcat by uploading a JSP file via HTTP PUT request, leading to remote code execution (RCE) if the servlet context is configured with `readonly=false`.

This PoC exploits CVE-2017-12615, a PUT method vulnerability in Apache Tomcat 7.0.0-7.0.79, allowing arbitrary JSP file upload. It uploads a test file and verifies success by checking if the file is accessible.

This Perl script exploits CVE-2017-12615 and CVE-2017-12617 by uploading a JSP payload via a malformed PUT request to Apache Tomcat servers. It checks for vulnerability by verifying the HTTP response code and payload execution.

This repository is a stub for CVE-2017-12615, referencing a vulnerable Docker container setup for Apache Tomcat. It does not contain exploit code but points to external sources for vulnerable images.

This PoC demonstrates CVE-2017-12615, a vulnerability in Apache Tomcat 8.5.19 where misconfigured `readonly=false` allows arbitrary file upload via the PUT method. The exploit bypasses file extension restrictions by appending a trailing slash to the filename (e.g., `1.jsp/`).