Apache Tomcat TroubleShooter Servlet Installed Network Vulnerability

Summary

The remote Apache Tomcat Server is vulnerable to cross script scripting and path disclosure issues. Description : The default installation of Tomcat includes various sample jsp pages and servlets. One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third party users.

Solution

Example files should not be left on production servers.

References

http://www.osvdb.org/displayvuln.php?osvdb_id=849

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-2006

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability
An Image Gallery Directory Traversal Vulnerability
Apache Open For Business HTML injection vulnerability
Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities