Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information

Name : CVE-2013-6357
First vendor Publication : 2013-11-13
Vendor : Cve
Last vendor Modification : 2013-11-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6357

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application126

ExploitDB Exploits

id | Description
2013-11-04 | Apache Tomcat 5.5.25 - CSRF Vulnerabilities

Sources (Detail)

Source | Url
MISC | http://www.webapp-security.com/wp-content/uploads/2013/11/Apache-Tomcat-5.5.2...

Alert History

Date | Information
2016-10-15 12:03:01 | Multiple Updates
2016-04-26 23:45:22 | Multiple Updates
2013-11-14 21:32:12 | Multiple Updates
2013-11-13 21:21:52 | First insertion