Lucene search
HistoryNov 13, 2013 - 3:55 p.m.
CVE-2013-6357
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.2
Confidence
High
EPSS
0.001
Percentile
46.3%
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application β¦ as they require a reckless system administrator.
Affected configurations
Node
apachetomcatRangeβ€5.5.25
ORapachetomcatMatch1.1.3
ORapachetomcatMatch3.0
ORapachetomcatMatch3.1
ORapachetomcatMatch3.1.1
ORapachetomcatMatch3.2
ORapachetomcatMatch3.2.1
ORapachetomcatMatch3.2.2
ORapachetomcatMatch3.2.2beta2
ORapachetomcatMatch3.2.3
ORapachetomcatMatch3.2.4
ORapachetomcatMatch3.3
ORapachetomcatMatch3.3.1
ORapachetomcatMatch3.3.1a
ORapachetomcatMatch3.3.2
ORapachetomcatMatch4
ORapachetomcatMatch4.0.0
ORapachetomcatMatch4.0.1
ORapachetomcatMatch4.0.2
ORapachetomcatMatch4.0.3
ORapachetomcatMatch4.0.4
ORapachetomcatMatch4.0.5
ORapachetomcatMatch4.0.6
ORapachetomcatMatch4.1.0
ORapachetomcatMatch4.1.1
ORapachetomcatMatch4.1.2
ORapachetomcatMatch4.1.3
ORapachetomcatMatch4.1.3beta
ORapachetomcatMatch4.1.9beta
ORapachetomcatMatch4.1.10
ORapachetomcatMatch4.1.12
ORapachetomcatMatch4.1.15
ORapachetomcatMatch4.1.24
ORapachetomcatMatch4.1.28
ORapachetomcatMatch4.1.29
ORapachetomcatMatch4.1.31
ORapachetomcatMatch4.1.36
ORapachetomcatMatch5
ORapachetomcatMatch5.0.0
ORapachetomcatMatch5.0.1
ORapachetomcatMatch5.0.2
ORapachetomcatMatch5.0.3
ORapachetomcatMatch5.0.4
ORapachetomcatMatch5.0.5
ORapachetomcatMatch5.0.6
ORapachetomcatMatch5.0.7
ORapachetomcatMatch5.0.8
ORapachetomcatMatch5.0.9
ORapachetomcatMatch5.0.10
ORapachetomcatMatch5.0.11
ORapachetomcatMatch5.0.12
ORapachetomcatMatch5.0.13
ORapachetomcatMatch5.0.14
ORapachetomcatMatch5.0.15
ORapachetomcatMatch5.0.16
ORapachetomcatMatch5.0.17
ORapachetomcatMatch5.0.18
ORapachetomcatMatch5.0.19
ORapachetomcatMatch5.0.21
ORapachetomcatMatch5.0.22
ORapachetomcatMatch5.0.23
ORapachetomcatMatch5.0.24
ORapachetomcatMatch5.0.25
ORapachetomcatMatch5.0.26
ORapachetomcatMatch5.0.27
ORapachetomcatMatch5.0.28
ORapachetomcatMatch5.0.29
ORapachetomcatMatch5.0.30
ORapachetomcatMatch5.5.0
ORapachetomcatMatch5.5.1
ORapachetomcatMatch5.5.2
ORapachetomcatMatch5.5.3
ORapachetomcatMatch5.5.4
ORapachetomcatMatch5.5.5
ORapachetomcatMatch5.5.6
ORapachetomcatMatch5.5.7
ORapachetomcatMatch5.5.8
ORapachetomcatMatch5.5.9
ORapachetomcatMatch5.5.10
ORapachetomcatMatch5.5.11
ORapachetomcatMatch5.5.12
ORapachetomcatMatch5.5.13
ORapachetomcatMatch5.5.14
ORapachetomcatMatch5.5.15
ORapachetomcatMatch5.5.16
ORapachetomcatMatch5.5.17
ORapachetomcatMatch5.5.18
ORapachetomcatMatch5.5.19
ORapachetomcatMatch5.5.20
ORapachetomcatMatch5.5.21
ORapachetomcatMatch5.5.22
ORapachetomcatMatch5.5.23
ORapachetomcatMatch5.5.24
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | tomcat | * | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
| apache | tomcat | 1.1.3 | cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:* |
| apache | tomcat | 3.0 | cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:* |
| apache | tomcat | 3.1 | cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:* |
| apache | tomcat | 3.1.1 | cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:* |
| apache | tomcat | 3.2 | cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:* |
| apache | tomcat | 3.2.1 | cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:* |
| apache | tomcat | 3.2.2 | cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:* |
| apache | tomcat | 3.2.2 | cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:* |
| apache | tomcat | 3.2.3 | cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2013-6357
2013-11-13 00:00:00
openvas
openvas
Apache Tomcat <= 5.5.25 CSRF Vulnerability - Windows
2021-03-18 00:00:00
Apache Tomcat <= 5.5.25 CSRF Vulnerability - Linux
2021-03-18 00:00:00
packetstorm
packetstorm
Apache Tomcat 5.5.25 Cross Site Request Forgery
2013-11-04 00:00:00
exploitpack
exploitpack
Apache Tomcat 5.5.25 - Cross-Site Request Forgery
2013-11-04 00:00:00
seebug
seebug
Apache Tomcat 5.5.25θ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2013-12-16 00:00:00
Apache Tomcat 5.5.25 - CSRF Vulnerabilities
2014-07-01 00:00:00
zdt
zdt
Apache Tomcat 5.5.25 CSRF Vulnerabilities
2013-11-04 00:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2019-03-25 08:40:43
prion
prion
Cross site request forgery (csrf)
2013-11-13 15:55:00
cvelist
cvelist
CVE-2013-6357
2013-11-13 15:00:00
cve
cve
CVE-2013-6357
2013-11-13 15:55:04
exploitdb
exploitdb
Apache Tomcat 5.5.25 - Cross-Site Request Forgery
2013-11-04 00:00:00
nessus
nessus
RHEL 5 : tomcat5 (Unpatched Vulnerability)
2024-06-03 00:00:00
ibm
ibm
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.2
Confidence
High
EPSS
0.001
Percentile
46.3%
Related for NVD:CVE-2013-6357