CVE-2017-12615 Exploitation Attempt

Aug 21, 2020 ·

Detects Remote Code Execution(JSP Upload Bypass) attack

Sigma rule (View on GitHub)

 1title: CVE-2017-12615 Exploitation Attempt
 2id: 805d1ac0-3aed-42e0-b742-d816dd7f0bba
 3status: experimental
 4description: Detects Remote Code Execution(JSP Upload Bypass) attack
 5references:
 6  - https://www.exploit-db.com/exploits/42953
 7author: Loginsoft Research Unit 
 8date: 2020/06/17
 9logsource:
10  product: apache
11  category: webserver
12detection:
13  selection:
14    c-uri: '/*.jsp/'
15    cs-method: 'PUT'
16    sc-status: 
17      - 201
18      - 403 
19  condition: selection
20level: medium```

References

OffSec’s Exploit Database Archive

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1). CVE-2017-12615 . webapps exploit for Windows platform

Read More

CVE-2017-12615 Exploitation Attempt

Sigma rule (View on GitHub)

References

OffSec’s Exploit Database Archive