Apache Tomcat Remote Code Execution via JSP upload (CVE-2017-12615 / CVE-2017-12617)

In the recent days, a new vulnerability in Apache Tomcat has been published (CVE-2017-12615). The vulnerability allows attackers to upload arbitrary files to the Tomcat application server by utilizin...
Published Sep 27, 2017
Version 1.0
apache tomcat
ASM Advanced WAF
cve-2017-12615
cve-2017-12617
security

Was this article helpful?

cdjac0bsen's avatar
cdjac0bsen
Icon for Nimbostratus rankNimbostratus
Oct 05, 2017

Gal, that signature is associated with the IIS sig set. Does it only block for Tomcat on Windows or will it block on non-Windows policies?