Apache Tomcat TroubleShooter Servlet Installed Network Vulnerability

Summary

The remote Apache Tomcat Server is vulnerable to cross script scripting and path disclosure issues. Description : The default installation of Tomcat includes various sample jsp pages and servlets. One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third party users.

Solution

Example files should not be left on production servers.

References

http://www.osvdb.org/displayvuln.php?osvdb_id=849

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-2006

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
Apple Safari Multiple Vulnerabilities
Apache Struts Directory Traversal Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
3Com NBX VoIP NetSet Detection

Take action and discover your vulnerabilities