Detect Tomcat Exposed Scripts

Detect Tomcat Exposed Scripts Detail

An attacker can obtain critical information using these scripts.

A default Apache Tomcat installation contains the "/examples" directory, which has many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server. The Sessions Example servlet (installed at /examples/servlets/servlet/SessionExample) allows session manipulation. Because the session is global, this servlet poses a big security risk, as an attacker can potentially become an administrator by manipulating its session.

Some Advice for Common Problems

Disable public access to the examples directory.
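
One way to check a server's own file system for this condition, as an added example that is not part of the original page: the script reports whether the examples application is deployed, whether an address-restricting valve is active for it, and whether the SessionExample mapping is present. It assumes the default directory layout and the default "Catalina"/"localhost" engine and host names; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): defensive audit of a Tomcat
# base directory for the bundled "examples" web application.
# Assumptions: default layout ($CATALINA_BASE/webapps/examples) and the
# default engine/host names "Catalina"/"localhost" for external context files.

# Print an XML file with <!-- ... --> comments removed, so a commented-out
# valve is not mistaken for an active one.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (inc) {
                i = index(line, "-->")
                if (i == 0) line = ""; else { line = substr(line, i + 3); inc = 0 }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); inc = 1 }
            }
        }
        print out
    }' "$1"
}

# Prints one status word:
#   absent      examples webapp is not deployed
#   restricted  deployed, but a RemoteAddrValve/RemoteCIDRValve is configured
#   exposed     deployed with no address restriction (also: WAR not yet unpacked)
# and appends "+session" when the SessionExample servlet mapping is present.
audit_tomcat_examples() {
    base=$1
    app="$base/webapps/examples"
    if [ ! -d "$app" ] && [ ! -f "$app.war" ]; then
        echo absent; return 0
    fi
    status=exposed
    for ctx in "$app/META-INF/context.xml" "$base/conf/Catalina/localhost/examples.xml"; do
        [ -f "$ctx" ] || continue
        if strip_xml_comments "$ctx" | grep -Eq 'Remote(Addr|CIDR)Valve'; then
            status=restricted
        fi
    done
    if grep -q 'servlets/servlet/SessionExample' "$app/WEB-INF/web.xml" 2>/dev/null; then
        status="$status+session"
    fi
    echo "$status"
}
```

Source the file and call audit_tomcat_examples "$CATALINA_BASE". A "restricted" result only means a valve is present, so its allow pattern still needs a manual review.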
