Login Sign Up

CVE-2017-12815

10.0 CRITICAL
Path Traversal

📋 TL;DR

CVE-2017-12815 is a critical path traversal vulnerability in Bomgar Remote Support Portal's JavaStart.jar applet that allows arbitrary file operations on the client system. Attackers can host malicious websites that exploit the vulnerable Java applet to create, modify, or delete files with the privileges of the user running Java. This affects all users accessing Bomgar Remote Support Portal deployments with vulnerable JavaStart.jar applets.

💻 Affected Systems

Products:
  • Bomgar Remote Support Portal
Versions: JavaStart.jar version 52790 and earlier
Operating Systems: All operating systems with Java Runtime Environment
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Java applet component downloadable from Bomgar portals.

📦 What is this software?

Remote Support by Bomgar

View all CVEs affecting Remote Support →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary file write leading to remote code execution, data destruction, or ransomware deployment.

🟠

Likely Case

File system manipulation leading to data theft, malware installation, or privilege escalation.

🟢

If Mitigated

Limited impact if Java applets are disabled or Bomgar portal is isolated from untrusted networks.

🌐 Internet-Facing: HIGH - Exploitable via malicious websites, requiring only user interaction with Java-enabled browser.
🏢 Internal Only: MEDIUM - Still exploitable via internal phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to visit malicious website with Java enabled; no authentication to Bomgar required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: JavaStart.jar version after 52790

Vendor Advisory: https://www.bomgar.com/support/security-advisories

Restart Required: No

Instructions:

1. Update Bomgar Remote Support Portal to latest version. 2. Ensure JavaStart.jar is updated to version after 52790. 3. Clear browser caches to remove old applet versions.

🔧 Temporary Workarounds

Disable Java in browsers

all

Prevent Java applets from running in web browsers

Browser-specific: Disable Java plugin/add-on

Network segmentation

all

Restrict access to Bomgar portal to trusted networks only

Firewall rules to limit Bomgar portal access

🧯 If You Can't Patch

  • Disable Java applets completely in all user browsers
  • Implement strict web filtering to block malicious sites and restrict Bomgar portal access

🔍 How to Verify

Check if Vulnerable:

Check JavaStart.jar version in Bomgar portal at /api/content/JavaStart.jar; versions ≤52790 are vulnerable.

Check Version:

curl -I https://[bomgar-domain]/api/content/JavaStart.jar | grep -i 'content-disposition'

Verify Fix Applied:

Verify JavaStart.jar version >52790 and test with security scanning tools.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file operations from Java processes
  • Multiple failed Java applet loads

Network Indicators:

  • Requests to /api/content/JavaStart.jar from unusual sources
  • Java applet traffic to non-Bomgar domains

SIEM Query:

source="web_proxy" AND url="*JavaStart.jar*" AND (user_agent="*Java*" OR method="GET")

📊 Metadata

CVE ID: CVE-2017-12815
CVSS v3 Score: 10.0 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-22
Published: March 26, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-12815, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)