gsd-2013-6357
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-6357",
"description": "** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that \"the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.\"",
"id": "GSD-2013-6357",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2013-6357"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-6357"
],
"details": "** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that \"the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.\"",
"id": "GSD-2013-6357",
"modified": "2023-12-13T01:22:19.265766Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that \"the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webapp-security.com/wp-content/uploads/2013/11/Apache-Tomcat-5.5.25-CSRF-Vulnerabilities.txt",
"refsource": "MISC",
"url": "http://www.webapp-security.com/wp-content/uploads/2013/11/Apache-Tomcat-5.5.25-CSRF-Vulnerabilities.txt"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E56174BC-6569-4C6E-ACD6-4632F0FBFEE8",
"versionEndIncluding": "5.5.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "981C90A2-B2EE-43E8-9885-4C9446770CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFF8D91-80A2-454A-8B44-A5A889002692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC42876-65AD-476A-8B62-25D4E15D1BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724A8FF9-8089-4302-8200-08987A712988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F97DDB7-E32B-422F-8AEA-07C75DEAD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7079F63C-7CA8-4909-A9C8-45C4C1C1C186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C13A162-9F3A-41EB-BF4A-A54AD26F7F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4BE08AEE-4801-4FAF-97AD-BBD5C5849E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC829C8E-1061-4F62-BA4B-FE5C7F11F209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "143BA75E-A186-47EF-A18C-B1A1A1F61C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CDF9E1-9412-450E-B1D4-438F128FFF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32561F50-6385-4D71-AFAC-3D2F8DB55A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "D51D88E7-6F5C-42B0-BAD6-7DCD9A357B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C091BCC4-4B19-4304-A807-FE3BB3BCC8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4:*:*:*:*:*:*:*",
"matchCriteriaId": "91C34D49-E1A2-47F0-8D85-25BB900A1844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "914E1404-01A2-4F94-AA40-D5EA20F55AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FB1106-B26D-45BE-A511-8E69131BBA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "401A213A-FED3-49C0-B823-2E02EA528905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7641278D-3B8B-4CD2-B284-2047B65514A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7B9911-E836-4A96-A0E8-D13C957EC0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D2341C51-A239-4A4A-B0DC-30F18175442C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "B7E52BE7-5281-4430-8846-E41CF34FC214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "CBDA8066-294D-431E-B026-C03707DFBCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5:*:*:*:*:*:*:*",
"matchCriteriaId": "28CB39A6-8452-43F3-9DC4-8ADA8260FDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13D9B12F-F36A-424E-99BB-E00EF0FCA277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A8FEEF0-8E57-43B1-8316-228B76E458D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D82F3FAE-91AD-4F0B-A1F7-11C1A97C5ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B2802B-E56C-462A-9601-361A9166B5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "190FB4FD-22A5-4771-8F99-1E260A36A474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD3785E-3A09-4BE4-96C7-619B8A7D5062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "285F7969-09F6-48CC-89CE-928225A53CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9EDACC-0300-4DA7-B1CD-5F7A6029AF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6B387EF0-94AD-4C8E-8CD4-4F5F706481BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DA486065-18D5-4425-ADA5-284101919564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A0141E20-2E3D-4CD0-A757-D7CA98499CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9E62493D-FEAE-49E8-A293-CE18451D0264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FA01AB58-CAB2-420A-9899-EAB153DD898A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D731AFDD-9C33-4DC8-9BC6-06BB51048752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "01706205-1369-4E5D-8936-723DA980CA9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC4A52C-6FBC-420A-885A-F72BC1DBAEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1C882D-949B-40B9-BC9F-E7FCE4FE7C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1451D2-B905-4AD7-9BD7-10CF2A12BA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C505696B-10E4-4B99-A598-40FA0DA39F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB2F3D8-25A1-408E-80D0-59D52A901284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C3904E9A-585A-4005-B2E9-13538535383D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1934BF-83E3-4B0B-A1DF-391A5332CE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F06B9809-5BFA-4DB9-8753-1D8319713879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6631B0-9F2E-4C5F-AB21-F085A8C1559B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "15625451-E56D-405F-BE9B-B3CB1A35E929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "97ADBDC4-B669-467D-9A07-9A2DD8B68374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA876C8-4417-4C35-9FEC-278D45CE6E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "03C08A88-9377-4B32-8173-EE2D121B06D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "F7225A43-8EAE-4DA6-BBDC-4418D5444767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A46C0933-3B19-40EA-8DED-2BF25AB85C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that \"the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
},
{
"lang": "es",
"value": "** DISPUTADO ** Vulnerabilidad de CSRF en la aplicaci\u00f3n Manager en Apache Tomcat 5.5.25 y anteriores versiones permite a atacantes remotos secuestrar la autenticaci\u00f3n de peticiones de administrador que manipulen la distribuci\u00f3n de aplicaciones a trav\u00e9s del m\u00e9todo POST, tal tal y como se demuestra mediante la URI /manager/html/undeploy?path=. NOTA: el vendedor discute la importancia de este reporte, indicando que \"el equipo de seguridad de Apache Tomcat no acepta ning\u00fan reporte de ataques CSRF contra la aplicaci\u00f3n Manager ... ya que requieren un administrador de sistemas imprudente\"."
}
],
"id": "CVE-2013-6357",
"lastModified": "2024-04-11T00:50:44.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T15:55:04.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.webapp-security.com/wp-content/uploads/2013/11/Apache-Tomcat-5.5.25-CSRF-Vulnerabilities.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading...