Detect Tomcat Exposed Scripts
An attacker can obtain critical information using these scripts.
Short Info
Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 5 sec
Scan only one: URL
Parent Category
Detect Tomcat Exposed Scripts Detail
A default Apache Tomcat installation contains the "/examples" directory, which holds many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server. The Sessions Example servlet (installed at /examples/servlets/servlet/SessionExample) allows session manipulation. Because the session is global, this servlet poses a big security risk: an attacker can potentially become an administrator by manipulating the session.
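An added example, not part of the original page or of the scanner it describes: a local audit that an asset owner can run against a Tomcat webapps directory to see whether the examples application and the SessionExample mapping are deployed. The directory layout (webapps/examples/WEB-INF/web.xml, examples.war) and all function names are assumptions.

```python
import os
import xml.etree.ElementTree as ET

# Servlet path from the page, relative to the "examples" web application.
SESSION_EXAMPLE = "/servlets/servlet/SessionExample"


def local_name(tag):
    """Drop an XML namespace prefix such as '{https://...}url-pattern'."""
    return tag.rsplit("}", 1)[-1]


def session_example_mapped(web_xml_path):
    """True if the deployment descriptor maps the SessionExample URL."""
    try:
        root = ET.parse(web_xml_path).getroot()
    except (OSError, ET.ParseError):
        return False  # missing or unreadable descriptor: nothing to report
    for el in root.iter():
        is_pattern = local_name(el.tag) == "url-pattern"
        if is_pattern and (el.text or "").strip() == SESSION_EXAMPLE:
            return True
    return False


def audit_webapps(webapps_dir):
    """Return findings for a Tomcat webapps directory (assumed layout)."""
    findings = []
    app_dir = os.path.join(webapps_dir, "examples")
    war = os.path.join(webapps_dir, "examples.war")
    if os.path.isdir(app_dir):
        findings.append("examples/ deployed: reachable as /examples")
        web_xml = os.path.join(app_dir, "WEB-INF", "web.xml")
        if session_example_mapped(web_xml):
            findings.append("SessionExample mapped at /examples" + SESSION_EXAMPLE)
    if os.path.isfile(war):
        findings.append("examples.war present: may be deployed as /examples")
    return findings


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "webapps"
    for line in audit_webapps(base) or ["no examples application found"]:
        print(line)
```

An empty result means neither the unpacked application nor the WAR was found under the given directory; any finding is a reason to remove the examples application from a production server.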