concept Apache Tomcat in category security

This is an excerpt from Manning's book The Art of Network Penetration Testing MEAP V09.
For example, using your service discovery data from the previous phase (chapter three, listing 3.7), you can see that one of our target systems is running Apache Tomcat/7.0.92. If you head over to the Apache Tomcat 7 page located at https://tomcat.apache.org/download-70.cgi, you see that at the time of this publication the latest available version of Apache Tomcat was 7.0.94. As an attacker, you could make the assumption that the developers have fixed a lot of bugs between 7.0.92 and 7.0.94, and it's possible that one of those bugs resulted in an exploitable weakness. If you then head over to the public exploit database (https://www.exploit-db.com) and search for “Apache Tomcat 7”, you can see the list of all the currently known exploitable attack vectors and determine which ones your target might be vulnerable to.
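The same version comparison can be run by a defender over their own inventory to find instances that lag the current release. The following is an added example, not code from the book: it parses constructed service-discovery lines and flags Tomcat banners behind the 7.0.94 release mentioned above. The line format, the addresses and the `LATEST` map are assumptions.

```python
import re

# Latest release per major.minor branch. 7.0.94 is the figure quoted in the
# text; add other branches from the vendor's download page as needed.
LATEST = {(7, 0): (7, 0, 94)}

BANNER_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")

# Constructed sample of service-discovery output (documentation addresses).
SAMPLE = """\
192.0.2.10:8080 http Apache Tomcat/7.0.92
192.0.2.11:8080 http Apache Tomcat/7.0.94
192.0.2.12:8080 http Apache Tomcat/9.0.1
192.0.2.13:80 http Microsoft IIS httpd 10.0
"""

def audit(text):
    """Return (endpoint, found_version, status) for every Tomcat banner."""
    findings = []
    for line in text.splitlines():
        m = BANNER_RE.search(line)
        if not m:
            continue  # not a Tomcat service, nothing to compare
        found = tuple(int(x) for x in m.groups())
        latest = LATEST.get(found[:2])
        if latest is None:
            status = "unknown-branch"  # no reference version recorded
        elif found < latest:
            # Tuple comparison avoids the string trap where "7.0.9" > "7.0.92".
            status = "behind-by-%d" % (latest[2] - found[2])
        else:
            status = "current"
        findings.append((line.split()[0], ".".join(map(str, found)), status))
    return findings

if __name__ == "__main__":
    for endpoint, version, status in audit(SAMPLE):
        print(f"{endpoint:20} {version:10} {status}")
```

A `behind-by-N` result only says that N patch releases are missing; the release notes for those versions determine whether any of the fixes are security-relevant.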
Figure 4.6 Logged into the Apache Tomcat application manager
Figure 4.5 Manually guessing the admin password on Apache Tomcat