Merge pull request #6995 from eremit4/patch-1

Create tomcat-exposed-examples.yaml
2023-04-21 18:23:40 +05:30 · 2023-04-21 18:23:40 +05:30 · 222c7cf4e2
parent 7a1a7512df 4cc0ba5b78
commit 222c7cf4e2
1 changed files with 8 additions and 4 deletions
--- a/misconfiguration/tomcat-scripts.yaml
+++ b/misconfiguration/tomcat-scripts.yaml
@ -2,14 +2,17 @@ id: tomcat-scripts

 info:
  name: Apache Tomcat Example Scripts - Detect
-  author: Co0nan
+  author: Co0nan,Higor Melgaço
  severity: info
  description: Multiple Apache Tomcat example scripts were detected.
+  reference:
+    - https://www.acunetix.com/vulnerabilities/web/apache-tomcat-examples-directory-vulnerabilities/
+    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
-  tags: apache,tomcat
+  tags: apache,tomcat,misconfig

 requests:
  - method: GET
@ -17,9 +20,11 @@ requests:
      - "{{BaseURL}}/examples/servlets/index.html"
      - "{{BaseURL}}/examples/jsp/index.html"
      - "{{BaseURL}}/examples/websocket/index.xhtml"
+      - "{{BaseURL}}/examples/servlets/servlet/SessionExample"
      - "{{BaseURL}}/..;/examples/servlets/index.html"
      - "{{BaseURL}}/..;/examples/jsp/index.html"
      - "{{BaseURL}}/..;/examples/websocket/index.xhtml"
+      - "{{BaseURL}}/..;/examples/servlets/servlet/SessionExample"

    matchers:
      - type: word
@ -28,6 +33,5 @@ requests:
          - "JSP Samples"
          - "Servlets Examples"
          - "WebSocket Examples"
+          - "GET based form"
        condition: or
-
-# Enhanced by md on 2023/02/06