ilmila / J2EEScan

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
GNU General Public License v2.0

Defect Apache Tomcat End of Life check #33

Closed MW-OP closed 3 years ago

MW-OP commented 3 years ago

The Apache Tomcat EoL check does not work correctly. It only checks for the major version and thus generates a scan issue for Apache 8.5.X.

https://github.com/ilmila/J2EEScan/blob/0cbeed35650d8098b3d7c989b291bd1ceb6089fb/src/main/java/burp/SoftwareVersions.java#L36-L37

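An added illustration of the defect reported above, not J2EEScan's own code: a major-only match next to a branch-aware (major.minor) match, evaluated at a fixed date. The class and method names, the banner strings and the EoL date table are assumptions made for this example; confirm the dates against the Apache Tomcat project before relying on them.

```java
import java.time.LocalDate;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TomcatEolCheck {
    // Assumed EoL dates keyed by release branch (major.minor); verify before use.
    private static final Map<String, LocalDate> EOL_BY_BRANCH = Map.of(
        "6.0", LocalDate.of(2016, 12, 31),
        "7.0", LocalDate.of(2021, 3, 31),
        "8.0", LocalDate.of(2018, 6, 30),
        "8.5", LocalDate.of(2024, 3, 31));

    // Anchored on "Tomcat/" so other version-like tokens in a banner are ignored.
    private static final Pattern VERSION = Pattern.compile("Tomcat/(\\d+)\\.(\\d+)");

    /** Major-only comparison: the behaviour the issue describes. */
    static boolean isEolMajorOnly(String banner, int eolMajor) {
        Matcher m = VERSION.matcher(banner);
        return m.find() && Integer.parseInt(m.group(1)) == eolMajor;
    }

    /** Branch-aware comparison: 8.0 and 8.5 are looked up separately. */
    static boolean isEolByBranch(String banner, LocalDate asOf) {
        Matcher m = VERSION.matcher(banner);
        if (!m.find()) {
            return false; // no version disclosed, nothing to report
        }
        LocalDate eol = EOL_BY_BRANCH.get(m.group(1) + "." + m.group(2));
        return eol != null && asOf.isAfter(eol); // unknown branch is not flagged
    }

    public static void main(String[] args) {
        LocalDate asOf = LocalDate.of(2021, 1, 1); // constructed evaluation date
        String[] banners = { // constructed sample banners
            "Apache Tomcat/8.0.53", "Apache Tomcat/8.5.61", "Apache Tomcat/9.0.41" };
        for (String b : banners) {
            System.out.printf("%-22s majorOnly(8)=%-5b byBranch=%b%n",
                b, isEolMajorOnly(b, 8), isEolByBranch(b, asOf));
        }
    }
}
```

With the constructed date, the major-only check flags both 8.x banners, while the branch-aware check flags only the 8.0.x one.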