Apache Tomcat TroubleShooter Servlet Installed Network Vulnerability

Summary

The remote Apache Tomcat Server is vulnerable to cross script scripting and path disclosure issues. Description : The default installation of Tomcat includes various sample jsp pages and servlets. One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third party users.

Solution

Example files should not be left on production servers.

References

http://www.osvdb.org/displayvuln.php?osvdb_id=849

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-2006

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness

Take action and discover your vulnerabilities