CVE-2013-6357

13.11.2013, 15:55

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI.  NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.

CSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
apache	tomcat	𝑥 ≤ 5.5.25
apache	tomcat	1.1.3
apache	tomcat	3.0
apache	tomcat	3.1
apache	tomcat	3.1.1
apache	tomcat	3.2
apache	tomcat	3.2.1
apache	tomcat	3.2.2
apache	tomcat	3.2.2:beta2
apache	tomcat	3.2.3
apache	tomcat	3.2.4
apache	tomcat	3.3
apache	tomcat	3.3.1
apache	tomcat	3.3.1a:a
apache	tomcat	3.3.2
apache	tomcat	4.0.0
apache	tomcat	4.0.1
apache	tomcat	4.0.2
apache	tomcat	4.0.3
apache	tomcat	4.0.4
apache	tomcat	4.0.5
apache	tomcat	4.0.6
apache	tomcat	4.1.0
apache	tomcat	4.1.1
apache	tomcat	4.1.2
apache	tomcat	4.1.3
apache	tomcat	4.1.3:beta
apache	tomcat	4.1.9:beta
apache	tomcat	4.1.10
apache	tomcat	4.1.12
apache	tomcat	4.1.15
apache	tomcat	4.1.24
apache	tomcat	4.1.28
apache	tomcat	4.1.29
apache	tomcat	4.1.31
apache	tomcat	4.1.36
apache	tomcat	5.0.0
apache	tomcat	5.0.1
apache	tomcat	5.0.2
apache	tomcat	5.0.3
apache	tomcat	5.0.4
apache	tomcat	5.0.5
apache	tomcat	5.0.6
apache	tomcat	5.0.7
apache	tomcat	5.0.8
apache	tomcat	5.0.9
apache	tomcat	5.0.10
apache	tomcat	5.0.11
apache	tomcat	5.0.12
apache	tomcat	5.0.13
apache	tomcat	5.0.14
apache	tomcat	5.0.15
apache	tomcat	5.0.16
apache	tomcat	5.0.17
apache	tomcat	5.0.18
apache	tomcat	5.0.19
apache	tomcat	5.0.21
apache	tomcat	5.0.22
apache	tomcat	5.0.23
apache	tomcat	5.0.24
apache	tomcat	5.0.25
apache	tomcat	5.0.26
apache	tomcat	5.0.27
apache	tomcat	5.0.28
apache	tomcat	5.0.29
apache	tomcat	5.0.30
apache	tomcat	5.5.0
apache	tomcat	5.5.1
apache	tomcat	5.5.2
apache	tomcat	5.5.3
apache	tomcat	5.5.4
apache	tomcat	5.5.5
apache	tomcat	5.5.6
apache	tomcat	5.5.7
apache	tomcat	5.5.8
apache	tomcat	5.5.9
apache	tomcat	5.5.10
apache	tomcat	5.5.11
apache	tomcat	5.5.12
apache	tomcat	5.5.13
apache	tomcat	5.5.14
apache	tomcat	5.5.15
apache	tomcat	5.5.16
apache	tomcat	5.5.17
apache	tomcat	5.5.18
apache	tomcat	5.5.19
apache	tomcat	5.5.20
apache	tomcat	5.5.21
apache	tomcat	5.5.22
apache	tomcat	5.5.23
apache	tomcat	5.5.24

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

tomcat6

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
lucid	not-affected

tomcat7

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
lucid	dne

Known Exploits!

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://www.webapp-security.com/wp-content/uploads/2013/11/Apache-Tomcat-5.5.25-CSRF-Vulnerabilities.txt