ID de Prueba:	1.3.6.1.4.1.25623.1.0.11046
Categoría:	Web application abuses
Título:	Apache Tomcat TroubleShooter Servlet Installed
Resumen:	The remote Apache Tomcat Server is vulnerable to cross script scripting and; path disclosure issues.
Descripción:	Summary: The remote Apache Tomcat Server is vulnerable to cross script scripting and path disclosure issues. Vulnerability Insight: The default installation of Tomcat includes various sample jsp pages and servlets. One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third party users. Solution: Example files should not be left on production servers. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-2006 BugTraq ID: 4575 http://www.securityfocus.com/bid/4575 Bugtraq: 20020422 Tomcat real path disclosure (2) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://www.vupen.com/english/advisories/2008/1979/references http://www.iss.net/security_center/static/8932.php
Copyright	Copyright (C) 2002 Matt Moore

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.