PT-2013-6012 · Apache · Apache Tomcat

Published: 2013-11-13 · Updated: 2024-08-06 · CVE-2013-6357

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.25 and earlier

Description: A cross-site request forgery (CSRF) issue in the Manager application allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a "/manager/html/undeploy?path=" URI. The vendor disputes the significance of this report, stating that such attacks require a reckless system administrator.

Recommendations: For Apache Tomcat versions 5.5.25 and earlier, consider disabling the Manager application until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to the "/manager/html/undeploy" endpoint to minimize the risk of exploitation. Avoid using the path variable in the affected API endpoint until the issue is resolved.
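One way to restrict state-changing Manager requests on a Tomcat version that lacks a built-in CSRF filter, as an added example that is not part of this advisory or of Apache Tomcat: a hypothetical servlet filter (assumed name ManagerOriginCheckFilter, mapped to /manager/html/* in web.xml) that rejects any non-idempotent request whose Origin or Referer host and port do not match the server the request was sent to. It assumes the javax.servlet API and Java 9 or later for Set.of.

```java
import java.io.IOException;
import java.net.URI;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not Tomcat's own code). Map it in web.xml to /manager/html/*
// so that undeploy/deploy POSTs from a foreign origin are refused before the Manager
// servlet sees them. Safe (read-only) methods pass through untouched.
public class ManagerOriginCheckFilter implements Filter {
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        HttpServletResponse w = (HttpServletResponse) res;
        if (!SAFE_METHODS.contains(r.getMethod()) && !sourceMatchesTarget(r)) {
            // Fail closed: a state change from an unknown or mismatched source is refused.
            w.sendError(HttpServletResponse.SC_FORBIDDEN, "Cross-origin request rejected");
            return;
        }
        chain.doFilter(req, res);
    }

    // True only when the browser-supplied source (Origin, else Referer) names the
    // same host and port that the request was addressed to.
    static boolean sourceMatchesTarget(HttpServletRequest r) {
        String source = r.getHeader("Origin");
        if (source == null) source = r.getHeader("Referer");
        if (source == null) return false; // no source header on a POST: treat as cross-site
        try {
            URI u = URI.create(source);
            String host = u.getHost();
            int port = u.getPort();
            if (port == -1) port = "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
            return host != null
                && host.equalsIgnoreCase(r.getServerName())
                && port == r.getServerPort();
        } catch (IllegalArgumentException e) {
            return false; // malformed header value: reject rather than guess
        }
    }
}
```

Pair this with network-level restriction of the Manager context (for example allowing only administrative addresses), since an origin check alone does not help a client that sends no Origin or Referer header legitimately.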
CSRF

Weakness Enumeration

Related Identifiers

CVE-2013-6357

Affected Products

Apache Tomcat