By kannthu
The "Tomcat Cookie Exposed" module is designed to detect a misconfiguration in the Apache Tomcat server that exposes sensitive cookie information. This module targets instances of Tomcat that have a specific servlet called "CookieExample" enabled. The severity of this misconfiguration is classified as low.
This module was authored by tess and dk999.
If the "Tomcat Cookie Exposed" misconfiguration is present, it can potentially expose sensitive cookie data to unauthorized users. This can lead to various security risks, such as session hijacking or unauthorized access to user accounts.
The "Tomcat Cookie Exposed" module works by sending a GET request to the "/examples/servlets/servlet/CookieExample" path on the target Tomcat server. It then checks for specific content in the response to determine if the misconfiguration is present.
The matching conditions for this module are as follows:
- The response must contain the phrases "Cookies Example" and "Your browser is sending the following cookies:"
- The response status code must be 200

If both conditions are met, the module will report the vulnerability.
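The two matching conditions above, written as a check an administrator could run against a Tomcat server they operate. This is an added example, not the module's own source; the function names `is_exposed`, `fetch` and `check` and the sample bodies are constructed for illustration.

```python
import urllib.error
import urllib.request

# Path and phrases are the ones listed in the module description above.
PATH = "/examples/servlets/servlet/CookieExample"
REQUIRED_PHRASES = (
    "Cookies Example",
    "Your browser is sending the following cookies:",
)


def is_exposed(status: int, body: str) -> bool:
    """True only if the status is 200 AND every phrase is in the body."""
    return status == 200 and all(p in body for p in REQUIRED_PHRASES)


def fetch(base_url: str, timeout: float = 5.0) -> tuple[int, str]:
    """Send the single GET request; return (status, body) even on 4xx/5xx."""
    url = base_url.rstrip("/") + PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # 403/404 mean the example servlet is not served; still return the pair.
        return err.code, err.read().decode("utf-8", "replace")


def check(base_url: str) -> bool:
    """Hypothetical helper: fetch the path and apply both matchers."""
    try:
        return is_exposed(*fetch(base_url))
    except (urllib.error.URLError, OSError):
        return False  # host unreachable: nothing to report


# Constructed sample bodies (not captured from a real server).
SAMPLE_EXPOSED = (
    "<html><head><title>Cookies Example</title></head><body>"
    "Your browser is sending the following cookies:<br>JSESSIONID = EXAMPLE</body></html>"
)
SAMPLE_PARTIAL = "<html><body>Cookies Example has been removed</body></html>"

if __name__ == "__main__":
    print(is_exposed(200, SAMPLE_EXPOSED))  # both phrases, status 200
    print(is_exposed(200, SAMPLE_PARTIAL))  # only one phrase present
    print(is_exposed(404, SAMPLE_EXPOSED))  # phrases present, wrong status
```

Requiring both phrases together with the 200 status keeps a custom error page or an unrelated page that merely mentions "Cookies Example" from being reported.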
Reference:
- https://medium.com/bugbountywriteup/apache-example-servlet-leads-to-61a2720cac20

Metadata:
max-request: 1
verified: true