CVE-2013-6357

Apache Tomcat < 5.5.25 - Cross-Site Request Forgery via Manager Application


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6357, a PoC published by Ivano Binetti.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in Apache Tomcat 5.5.25 and below, allowing an attacker to undeploy applications via a crafted HTML form. The PoC automates the submission of a POST request to the Manager application's undeploy endpoint.

Description

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."

Exploits (1)

exploitdb · WORKING POC
by Ivano Binetti · text / webapps / multiple
https://www.exploit-db.com/exploits/29435

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat 5.5.25 and below
Auth required: yes
Prerequisites: Victim must be authenticated to the Tomcat Manager application · Victim must visit the malicious HTML page
Analyzed by devstral-2 on Feb 16, 2026

Scores

EPSS: 0.0254
EPSS Percentile: 82.9%

Details

CWE: CWE-352
Status: published
Products (48):
apache/tomcat 1.1.3
apache/tomcat 3.0
apache/tomcat 3.1
apache/tomcat 3.1.1
apache/tomcat 3.2
apache/tomcat 3.2.1
apache/tomcat 3.2.2 (2 CPE variants)
apache/tomcat 3.2.3
apache/tomcat 3.2.4
apache/tomcat 3.3
... and 38 more
Published: Nov 13, 2013
Tracked Since: Feb 18, 2026