id: apache-tomcat-snoop

info:
  name: Apache Tomcat example page disclosure - snoop
  author: pdteam
  severity: low
  description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
  reference: https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
  tags: apache

requests:
  - method: GET
    path:
      - "{{BaseURL}}/examples/jsp/snp/snoop.jsp"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Request URI: /examples/jsp/snp/snoop.jsp'

      - type: status
        status:
          - 200