tomcat-stacktraces: Tomcat Stack Traces Enabled

漏洞描述

PoC代码[已公开]

id: tomcat-stacktraces

info:
  name: Tomcat Stack Traces Enabled
  author: lucky0x0d
  severity: low
  description: |
    Examine whether Tomcat stack traces are turned on by employing a designated problematic pattern.
  classification:
    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: tomcat
    shodan-query: title:"Apache Tomcat"
  tags: misconfig,tech,tomcat,apache,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/?f=\['

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "tomcat")'
          - 'contains(body, "org.apache")'
          - status_code == 400
        condition: and
# digest: 4a0a00473045022100de0aed811f7cc7402d647dfdc4953304e655f44be65199ee58862149d43a974702201d32f947d64da63410d3d55fb50c6ef71eafeaa2f6957aff04c99802f8ab43f8:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• Gladinet CentreStack & TrioFox /storage/t.dn 目录遍历漏洞（CVE-2025-11371）
• Apache Tomcat URL重写绕过漏洞 （CVE-2025-55752）
• CVE-2025-24813 Apache Tomcat 远程代码执行漏洞
• tomcat-default-login: Apahce Tomcat Manager Default Login
• POC CVE-2020-13935: Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service
• POC CVE-2025-22457: Ivanti Connect Secure - Stack-based Buffer Overflow
• POC CVE-2000-0760: Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
• POC CVE-2007-2449: Apache Tomcat 4.x-7.x - Cross-Site Scripting
• CVE-2016-8735: Apache Tomcat - Remote Code Execution via JMX Ports
• POC CVE-2017-12615: Apache Tomcat Servers - Remote Code Execution
• POC CVE-2017-12617: Apache Tomcat - Remote Code Execution
• POC CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access
• POC CVE-2018-11784: Apache Tomcat - Open Redirect