CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
46.3%
DISPUTED Cross-site request forgery (CSRF) vulnerability in the
Manager application in Apache Tomcat 5.5.25 and earlier allows remote
attackers to hijack the authentication of administrators for requests that
manipulate application deployment via the POST method, as demonstrated by a
/manager/html/undeploy?path= URI. NOTE: the vendor disputes the
significance of this report, stating that βthe Apache Tomcat Security team
has not accepted any reports of CSRF attacks against the Manager
application β¦ as they require a reckless system administrator.β
Author | Note |
---|---|
seth-arnold | DISPUTED by vendor; apparently not in tomcat6 or tomcat7 |