tomcat-cookie-exposed: Tomcat Cookie Exposed

漏洞描述

PoC代码[已公开]

id: tomcat-cookie-exposed

info:
  name: Tomcat Cookie Exposed
  author: tess,dk999
  severity: low
  description: Tomcat Cookie is exposed.
  reference:
    - https://medium.com/bugbountywriteup/apache-example-servlet-leads-to-61a2720cac20
  metadata:
    verified: true
    max-request: 1
  tags: misconfig,apache,tomcat,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/examples/servlets/servlet/CookieExample"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Cookies Example"
          - "Your browser is sending the following cookies:"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100d2aa056494b62b609ba1d04b604ba782f4578e0de447a10318141cd4bde9ec19022100d847a48e8fd53664036747aa72b8a2741bc0e01feb88e9b5f55605a23b1a80cf:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• Apache Tomcat URL重写绕过漏洞 （CVE-2025-55752）
• CVE-2025-24813 Apache Tomcat 远程代码执行漏洞
• tomcat-default-login: Apahce Tomcat Manager Default Login
• wordpress-install: WordPress Exposed Installation
• POC CVE-2020-13935: Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service
• POC CVE-2000-0760: Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
• POC CVE-2007-2449: Apache Tomcat 4.x-7.x - Cross-Site Scripting
• POC CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability
• CVE-2016-8735: Apache Tomcat - Remote Code Execution via JMX Ports
• POC CVE-2017-12615: Apache Tomcat Servers - Remote Code Execution
• POC CVE-2017-12617: Apache Tomcat - Remote Code Execution
• POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
• POC CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access