id: public-tomcat-manager

info:
  name: Apache Tomcat Manager Disclosure
  author: Ahmed Sherif,geeknik
  severity: info
  description: An Apache Tomcat Manager panel was discovered.
  classification:
    cwe-id: CWE-200
  tags: panel,tomcat,apache

requests:
  - method: GET
    path:
      - '{{BaseURL}}/manager/html'
      - '{{BaseURL}}/host-manager/html'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Apache Tomcat"

      - type: status
        status:
          - 401
          - 200
        condition: or

# Enhanced by mp on 2022/03/16