id: tomcat-scripts info: name: Apache Tomcat Example Scripts - Detect author: Co0nan,Higor Melgaço severity: info description: Multiple Apache Tomcat example scripts were detected. reference: - https://www.acunetix.com/vulnerabilities/web/apache-tomcat-examples-directory-vulnerabilities/ - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 tags: apache,tomcat,misconfig metadata: max-request: 8 http: - method: GET path: - "{{BaseURL}}/examples/servlets/index.html" - "{{BaseURL}}/examples/jsp/index.html" - "{{BaseURL}}/examples/websocket/index.xhtml" - "{{BaseURL}}/examples/servlets/servlet/SessionExample" - "{{BaseURL}}/..;/examples/servlets/index.html" - "{{BaseURL}}/..;/examples/jsp/index.html" - "{{BaseURL}}/..;/examples/websocket/index.xhtml" - "{{BaseURL}}/..;/examples/servlets/servlet/SessionExample" matchers: - type: word words: - "JSP Examples" - "JSP Samples" - "Servlets Examples" - "WebSocket Examples" - "GET based form" condition: or