Tomcat Stack Traces Enabled

ID: tomcat-stacktraces

Severity: info

Author: lucky0x0d

Tags: misconfig,tech,tomcat,apache

Description

Examine whether Tomcat stack traces are turned on by employing a designated problematic pattern.

YAML Source

id: tomcat-stacktraces

info:
  name: Tomcat Stack Traces Enabled
  author: lucky0x0d
  severity: info
  description: |
    Examine whether Tomcat stack traces are turned on by employing a designated problematic pattern.
  classification:
    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: tomcat
    shodan-query: title:"Apache Tomcat"
  tags: misconfig,tech,tomcat,apache

http:
  - method: GET
    path:
      - '{{BaseURL}}/?f=\['

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "tomcat")'
          - 'contains(body, "org.apache")'
          - status_code == 400
        condition: and
# digest: 4a0a00473045022055a7fe2eaebbc86ce30334bd6784204b2fb0fda86976161e887ea1d21728e0fd022100cb6e842a5baabe01ed95434f5de4c1a96a5845763f7370447a3322f8317c5fdb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/tomcat-stacktraces.yaml"

View on Github