|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses : XSS >> Apache Tomcat TroubleShooter Servlet Installed Vulnerability Assessment Details
|
Apache Tomcat TroubleShooter Servlet Installed |
||
|
Tests whether the Apache Tomcat TroubleShooter Servlet is installed Detailed Explanation for this Vulnerability Assessment Summary : The remote Apache Tomcat Server is vulnerable to cross script scripting and path disclosure issues. Description : The default installation of Tomcat includes various sample jsp pages and servlets. One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third party users. Solution : Example files should not be left on production servers. See also : http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html Network Security Threat Level: Low / CVSS Base Score : 3 (AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C) Networks Security ID: 4575 Vulnerability Assessment Copyright: This script is Copyright (C) 2002 Matt Moore |
||
|
Networking, Telecom Tools |
|
||
|
No Discussions have been posted on this vulnerability. |