
Tomcat exposed docs

By kannthu

Informative
Vidoc Module
#version #tomcat #docs
Description

What is the "Tomcat exposed docs" module?

The "Tomcat exposed docs" module is a test case designed to detect the presence of exposed documentation in Apache Tomcat servers. It focuses on identifying instances where the default Tomcat documentation is accessible, which can potentially lead to information disclosure and increase the attack surface of the server.

This module is created by an unknown author and has an informative severity level.

Impact

If the module detects exposed documentation in Apache Tomcat servers, it indicates a potential security risk. Attackers can leverage this information to gain insights into the server's configuration, potentially identifying vulnerabilities or misconfigurations that can be exploited.

How does the module work?

The "Tomcat exposed docs" module works by sending a GET request to the "/docs/" path of the target server. It then applies matching conditions to determine if the response indicates the presence of Apache Tomcat and if the HTTP status code is 200 (OK).

Example HTTP request:

GET /docs/ HTTP/1.1
Host: [target server]

The module uses two matching conditions:

- Matcher 1: It checks if the response contains the words "Apache Tomcat".
- Matcher 2: It verifies if the HTTP status code is 200 (OK).

If both matching conditions are met, the module reports the presence of exposed documentation in the Apache Tomcat server.
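The two matchers and their AND combination, as an added Python example (not Vidoc's own code) for checking a server you administer. The names `matches`, `check_docs` and `evaluate_samples` are hypothetical, the sample responses are constructed, and matching the words case-sensitively against the response body is an assumption.

```python
import urllib.error
import urllib.request

WORD = "Apache Tomcat"  # matcher 1: words that must appear in the response
STATUS = 200            # matcher 2: required HTTP status code


def matches(status: int, body: str) -> dict:
    """Evaluate both matchers; a report is raised only when both hold (AND)."""
    word_ok = WORD in body  # assumption: case-sensitive match on the body
    status_ok = status == STATUS
    return {"word": word_ok, "status": status_ok, "report": word_ok and status_ok}


def check_docs(base_url: str, timeout: float = 5.0) -> dict:
    """Send GET /docs/ to a server you administer and apply the matchers."""
    url = base_url.rstrip("/") + "/docs/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        status, raw = err.code, err.read()
    return matches(status, raw.decode("utf-8", errors="replace"))


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    # Default documentation still deployed: both matchers hold.
    "docs exposed": (200, "<title>Apache Tomcat 9 - Documentation Index</title>"),
    # Docs removed: the error page still names the product, so the word
    # matcher alone would misfire; the status matcher prevents that.
    "docs removed": (404, "<h3>Apache Tomcat/9.0.0</h3> HTTP Status 404"),
    # A different application serving its own /docs/ page.
    "other server": (200, "<title>Product documentation</title>"),
}


def evaluate_samples() -> dict:
    """Return {sample name: whether the module would report it}."""
    return {name: matches(s, b)["report"] for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, reported in evaluate_samples().items():
        print(f"{name:13} -> {'REPORT' if reported else 'no match'}")
```

The "docs removed" sample shows why the status matcher is needed: an error page can contain the product name even when the documentation is no longer deployed.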

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /docs/
Matching conditions
word: Apache Tomcat
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability