Detect Tomcat Exposed Scripts

An attacker gets critical informations using these scripts.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

5 sec

Scan only one

Url

Parent Category

Detect Tomcat Exposed Scripts Detail

Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server. The Sessions Example servlet (installed at /examples/servlets/servlet/SessionExample) allows session manipulation. Because the session is global this servlet poses a big security risk as an attacker can potentitally become an administrator by manipulating its session.

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.

Try it yourself,
control security posture

Get free usage

Learn More About Product