From afdb96a7a5caa90d222856ace8f7e6f3d4bf646e Mon Sep 17 00:00:00 2001
From: eremit4 <37265495+eremit4@users.noreply.github.com>
Date: Thu, 30 Mar 2023 14:41:00 -0300
Subject: [PATCH 1/5] Create tomcat-exposed-examples.yaml

Template to detect Apache Tomcat /examples/ directory
---
 .../tomcat/tomcat-exposed-examples.yaml       | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 exposed-panels/tomcat/tomcat-exposed-examples.yaml

diff --git a/exposed-panels/tomcat/tomcat-exposed-examples.yaml b/exposed-panels/tomcat/tomcat-exposed-examples.yaml
new file mode 100644
index 0000000000..41c29fd940
--- /dev/null
+++ b/exposed-panels/tomcat/tomcat-exposed-examples.yaml
@@ -0,0 +1,35 @@
+id: tomcat-exposed-examples
+
+info:
+  name: Tomcat exposed examples
+  description: Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server.
+  author: Higor Melgaço
+  reference:
+    - https://www.acunetix.com/vulnerabilities/web/apache-tomcat-examples-directory-vulnerabilities/
+    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/
+  severity: medium
+  tags: tomcat,examples
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/examples/'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'Apache Tomcat Examples'
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '<ul>\n<li><a href*'
+          

From 7d2c4e92eae35b51e5b4f1593980be6c6236df82 Mon Sep 17 00:00:00 2001
From: eremit4 <37265495+eremit4@users.noreply.github.com>
Date: Thu, 30 Mar 2023 16:01:47 -0300
Subject: [PATCH 2/5] Update tomcat-exposed-examples.yaml

empty line removed from tomcat-exposed-examples.yaml template
---
 exposed-panels/tomcat/tomcat-exposed-examples.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/exposed-panels/tomcat/tomcat-exposed-examples.yaml b/exposed-panels/tomcat/tomcat-exposed-examples.yaml
index 41c29fd940..60cf0a6199 100644
--- a/exposed-panels/tomcat/tomcat-exposed-examples.yaml
+++ b/exposed-panels/tomcat/tomcat-exposed-examples.yaml
@@ -32,4 +32,3 @@ requests:
         group: 1
         regex:
           - '<ul>\n<li><a href*'
-          

From 43cddde16dfd7e784731606b8eb4f7ff4e5300c1 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Fri, 21 Apr 2023 17:24:57 +0530
Subject: [PATCH 3/5] Path - updates

---
 misconfiguration/tomcat-scripts.yaml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/misconfiguration/tomcat-scripts.yaml b/misconfiguration/tomcat-scripts.yaml
index b5a5d3f08f..3027eb08c6 100644
--- a/misconfiguration/tomcat-scripts.yaml
+++ b/misconfiguration/tomcat-scripts.yaml
@@ -2,24 +2,29 @@ id: tomcat-scripts
 
 info:
   name: Apache Tomcat Example Scripts - Detect
-  author: Co0nan
+  author: Co0nan,Higor Melgaço
   severity: info
   description: Multiple Apache Tomcat example scripts were detected.
+  reference:
+    - https://www.acunetix.com/vulnerabilities/web/apache-tomcat-examples-directory-vulnerabilities/
+    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cvss-score: 0.0
     cwe-id: CWE-200
-  tags: apache,tomcat
+  tags: apache,tomcat,misconfig
 
-requests:
+requests:¯
   - method: GET
     path:
       - "{{BaseURL}}/examples/servlets/index.html"
       - "{{BaseURL}}/examples/jsp/index.html"
       - "{{BaseURL}}/examples/websocket/index.xhtml"
+      - "{{BaseURL}}/examples/servlets/servlet/SessionExample"
       - "{{BaseURL}}/..;/examples/servlets/index.html"
       - "{{BaseURL}}/..;/examples/jsp/index.html"
       - "{{BaseURL}}/..;/examples/websocket/index.xhtml"
+      - "{{BaseURL}}/..;/examples/servlets/servlet/SessionExample"
 
     matchers:
       - type: word
@@ -28,6 +33,5 @@ requests:
           - "JSP Samples"
           - "Servlets Examples"
           - "WebSocket Examples"
+          - "GET based form"
         condition: or
-
-# Enhanced by md on 2023/02/06

From 62e034187626c8bd51b9ad6286231fe7d83b13e6 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Fri, 21 Apr 2023 17:25:27 +0530
Subject: [PATCH 4/5] Delete tomcat-exposed-examples.yaml

---
 .../tomcat/tomcat-exposed-examples.yaml       | 34 -------------------
 1 file changed, 34 deletions(-)
 delete mode 100644 exposed-panels/tomcat/tomcat-exposed-examples.yaml

diff --git a/exposed-panels/tomcat/tomcat-exposed-examples.yaml b/exposed-panels/tomcat/tomcat-exposed-examples.yaml
deleted file mode 100644
index 60cf0a6199..0000000000
--- a/exposed-panels/tomcat/tomcat-exposed-examples.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-id: tomcat-exposed-examples
-
-info:
-  name: Tomcat exposed examples
-  description: Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server.
-  author: Higor Melgaço
-  reference:
-    - https://www.acunetix.com/vulnerabilities/web/apache-tomcat-examples-directory-vulnerabilities/
-    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/
-  severity: medium
-  tags: tomcat,examples
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/examples/'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - 'Apache Tomcat Examples'
-        condition: and
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - '<ul>\n<li><a href*'

From 4cc0ba5b78cae8c90875f4a136fe174ab43649ce Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Fri, 21 Apr 2023 17:33:14 +0530
Subject: [PATCH 5/5] fix syntax

---
 misconfiguration/tomcat-scripts.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misconfiguration/tomcat-scripts.yaml b/misconfiguration/tomcat-scripts.yaml
index 3027eb08c6..133eebf570 100644
--- a/misconfiguration/tomcat-scripts.yaml
+++ b/misconfiguration/tomcat-scripts.yaml
@@ -14,7 +14,7 @@ info:
     cwe-id: CWE-200
   tags: apache,tomcat,misconfig
 
-requests:¯
+requests:
   - method: GET
     path:
       - "{{BaseURL}}/examples/servlets/index.html"