Ivano Binetti

Personal Blog


Apache Tomcat 5.5.25 Deploy/Undeploy/Start/Stop Applications

Posted on November 4, 2013

My friend Gianmarco Pirozzi and I discovered new vulnerabilities affecting Apache Tomcat which allow the following malicious activities to be performed:

  • Undeploy an existing application
  • Deploy a new application
  • Stop an application
  • Start an application

For more details you can read our Original Advisory:
Apache Tomcat 5.5.25 Start/Stop/Deploy/Undeploy Application | CSRF Vulnerabilities

The MITRE CVE Numbering Authority assigned CVE-2013-6357 to these vulnerabilities.

My advisory has also been published on the following websites:
http://www.securityfocus.com/bid/63515
http://osvdb.org/show/osvdb/99375
http://packetstormsecurity.com/files/123894/Apache-Tomcat-5.5.25-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/29435/
http://1337day.com/exploits/21455
http://www.scip.ch/en/?vuldb.11098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6357
https://bugzilla.redhat.com/show_bug.cgi?id=1030090
http://www.cvedetails.com/cve/CVE-2013-6357/
http://xforce.iss.net/xforce/xfdb/88471
http://en.securitylab.ru/nvd/447679.php
http://www.us-cert.gov/ncas/bulletins/SB13-322

Ivano Binetti @2010-2014