# Security Updates - CVE-2017-12617

## CVE-2017-12617

### Uploading JSP file via 'HTTP PUT '

## Vulnerability Details

| Field | Details |
|---|---|
| Impact | **CVSS V3 rating: 10 (Critical)** |
| Reported | 2 Dec 2017 |
| Fixed | 2 Jan 2018 |
| Affected Builds | Till Build 123045 |
| Fixed in | Build 123046 |
| Overview | Uploading JSP file to server via 'HTTP PUT' method |
| Recommended Fix | **Upgrade to [OpManager Version 12.3.239](https://www.manageengine.com/network-monitoring/service-packs.html) or above.** |

### Description

It was possible to upload JSP file to server via 'HTTP PUT' method in OpManager before version 12.3.046. The HTTP PUT method is now blocked in Tomcat.

We recommend that you [upgrade to OpManager Version 12.3.046](https://www.manageengine.com/network-monitoring/service-packs.html) or above to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2017-12617 from the [CVE dictionary](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12617).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).