Lucene search

K
cve[email protected]CVE-2013-6357
HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-6357

2022-10-0316:14:51
CWE-352
web.nvd.nist.gov
711
cve
2013
6357
csrf
vulnerability
apache
tomcat
manager
application
security
nvd

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.4%

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application … as they require a reckless system administrator.

Affected configurations

NVD
Node
apachetomcatRange≀5.5.25
OR
apachetomcatMatch1.1.3
OR
apachetomcatMatch3.0
OR
apachetomcatMatch3.1
OR
apachetomcatMatch3.1.1
OR
apachetomcatMatch3.2
OR
apachetomcatMatch3.2.1
OR
apachetomcatMatch3.2.2
OR
apachetomcatMatch3.2.2beta2
OR
apachetomcatMatch3.2.3
OR
apachetomcatMatch3.2.4
OR
apachetomcatMatch3.3
OR
apachetomcatMatch3.3.1
OR
apachetomcatMatch3.3.1a
OR
apachetomcatMatch3.3.2
OR
apachetomcatMatch4
OR
apachetomcatMatch4.0.0
OR
apachetomcatMatch4.0.1
OR
apachetomcatMatch4.0.2
OR
apachetomcatMatch4.0.3
OR
apachetomcatMatch4.0.4
OR
apachetomcatMatch4.0.5
OR
apachetomcatMatch4.0.6
OR
apachetomcatMatch4.1.0
OR
apachetomcatMatch4.1.1
OR
apachetomcatMatch4.1.2
OR
apachetomcatMatch4.1.3
OR
apachetomcatMatch4.1.3beta
OR
apachetomcatMatch4.1.9beta
OR
apachetomcatMatch4.1.10
OR
apachetomcatMatch4.1.12
OR
apachetomcatMatch4.1.15
OR
apachetomcatMatch4.1.24
OR
apachetomcatMatch4.1.28
OR
apachetomcatMatch4.1.29
OR
apachetomcatMatch4.1.31
OR
apachetomcatMatch4.1.36
OR
apachetomcatMatch5
OR
apachetomcatMatch5.0.0
OR
apachetomcatMatch5.0.1
OR
apachetomcatMatch5.0.2
OR
apachetomcatMatch5.0.3
OR
apachetomcatMatch5.0.4
OR
apachetomcatMatch5.0.5
OR
apachetomcatMatch5.0.6
OR
apachetomcatMatch5.0.7
OR
apachetomcatMatch5.0.8
OR
apachetomcatMatch5.0.9
OR
apachetomcatMatch5.0.10
OR
apachetomcatMatch5.0.11
OR
apachetomcatMatch5.0.12
OR
apachetomcatMatch5.0.13
OR
apachetomcatMatch5.0.14
OR
apachetomcatMatch5.0.15
OR
apachetomcatMatch5.0.16
OR
apachetomcatMatch5.0.17
OR
apachetomcatMatch5.0.18
OR
apachetomcatMatch5.0.19
OR
apachetomcatMatch5.0.21
OR
apachetomcatMatch5.0.22
OR
apachetomcatMatch5.0.23
OR
apachetomcatMatch5.0.24
OR
apachetomcatMatch5.0.25
OR
apachetomcatMatch5.0.26
OR
apachetomcatMatch5.0.27
OR
apachetomcatMatch5.0.28
OR
apachetomcatMatch5.0.29
OR
apachetomcatMatch5.0.30
OR
apachetomcatMatch5.5.0
OR
apachetomcatMatch5.5.1
OR
apachetomcatMatch5.5.2
OR
apachetomcatMatch5.5.3
OR
apachetomcatMatch5.5.4
OR
apachetomcatMatch5.5.5
OR
apachetomcatMatch5.5.6
OR
apachetomcatMatch5.5.7
OR
apachetomcatMatch5.5.8
OR
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.4%