|
|
Family: CGI abuses : XSS --> Category: infos
Apache Tomcat TroubleShooter Servlet Installed Vulnerability Scan
Vulnerability Scan Summary
Tests whether the Apache Tomcat TroubleShooter Servlet is installed
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Apache Tomcat Server is vulnerable to cross script scripting and
path disclosure issues.
Description :
The default installation of Tomcat includes various sample jsp pages and
servlets.
One of these, the 'TroubleShooter' servlet, discloses various information about
the system on which Tomcat is installed. This servlet can also be used to
perform cross-site scripting attacks against third party users.
Solution :
Example files should not be left on production servers.
See also :
http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|
