By kannthu
The "Tomcat exposed docs" module is a test case designed to detect the presence of exposed documentation in Apache Tomcat servers. It focuses on identifying instances where the default Tomcat documentation is accessible, which can potentially lead to information disclosure and increase the attack surface of the server.
This module is created by an unknown author and has an informative severity level.
If the module detects exposed documentation in Apache Tomcat servers, it indicates a potential security risk. Attackers can leverage this information to gain insights into the server's configuration, potentially identifying vulnerabilities or misconfigurations that can be exploited.
The "Tomcat exposed docs" module works by sending a GET request to the "/docs/" path of the target server. It then applies matching conditions to determine if the response indicates the presence of Apache Tomcat and if the HTTP status code is 200 (OK).
Example HTTP request:
GET /docs/ HTTP/1.1
Host: [target server]
The module uses two matching conditions:
- Matcher 1: It checks if the response contains the words "Apache Tomcat".
- Matcher 2: It verifies if the HTTP status code is 200 (OK).

If both matching conditions are met, the module reports the presence of exposed documentation in the Apache Tomcat server.
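The two matchers described above, applied to raw HTTP responses to show why both must hold. This is an added example, not the module's own code: the function names and the sample responses are constructed, and it assumes the word matcher is a case-sensitive substring check on the response body.

```python
# Added example: the module's two matching conditions evaluated over raw
# HTTP responses. Every response in SAMPLES is constructed for illustration.

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body.decode("utf-8", "replace")

def docs_exposed(raw: bytes) -> bool:
    """True only when both matchers hold for a response to GET /docs/."""
    status, body = parse_response(raw)
    word_match = "Apache Tomcat" in body   # Matcher 1 (assumed: body, case-sensitive)
    status_match = status == 200           # Matcher 2
    return word_match and status_match

SAMPLES = {
    # Default documentation index is served: both matchers hold.
    "docs_served": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   b"<html><title>Apache Tomcat - Documentation Index</title></html>",
    # Docs removed, but the default error page still names the server:
    # Matcher 1 alone would be a false positive here.
    "tomcat_404": b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
                  b"<html><h1>HTTP Status 404</h1><h3>Apache Tomcat/x.y.z</h3></html>",
    # Some other application answers /docs/ with 200:
    # Matcher 2 alone would be a false positive here.
    "other_app_200": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                     b"<html><h1>Product manual</h1></html>",
    # Path is behind a login redirect: neither matcher holds.
    "redirect": b"HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
}

def evaluate_samples():
    """Return {sample_name: finding_reported} for the constructed responses."""
    return {name: docs_exposed(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:14} -> {'exposed docs' if hit else 'no finding'}")
```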