id: apache-tomcat-snoop info: name: Apache Tomcat example page disclosure - snoop author: pdteam severity: low description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection. reference: - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks tags: apache,misconfig,tomcat,disclosure requests: - method: GET path: - "{{BaseURL}}/examples/jsp/snp/snoop.jsp" matchers-condition: and matchers: - type: word words: - 'Request URI: /examples/jsp/snp/snoop.jsp' - type: status status: - 200