Apache Tomcat “allowLinking” on Case Insensitive Filesystems

Description

The scanner can read the content (source code) of an Apache Tomcat JSP file. This may indicate that the "allowLinking" flag is enabled on a case-insensitive filesystem (e.g. Windows). According to the Apache Tomcat Configuration Reference, this flag must not be set to true on the Windows platform (or any other OS which does not have a case-sensitive filesystem), as it will disable case sensitivity checks, allowing JSP source code disclosure, among other security problems.

Impact
A remote attacker can access the source code of the JSP files on the server.

Recommendation
The "allowLinking" flag MUST NOT be set to true on the Windows platform (or any other OS which does not have a case sensitive filesystem), as it will disable case sensitivity checks, allowing JSP source code disclosure, among other security problems.
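One way to audit for this condition, as an added example that is not part of the original advisory or of Tomcat itself: the script looks for allowLinking on both `<Context>` (Tomcat 7 and earlier) and the nested `<Resources>` element (Tomcat 8 and later), and probes whether a directory sits on a case-insensitive filesystem. The sample XML strings and the function names are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample configurations (not taken from a real deployment).
SAMPLE_TOMCAT7 = '<Context allowLinking="true" path="/app"/>'
SAMPLE_TOMCAT8 = '<Context><Resources allowLinking="TRUE"/></Context>'
SAMPLE_SAFE = '<Context><Resources allowLinking="false"/></Context>'


def find_allow_linking(xml_text):
    """Return the tags of <Context>/<Resources> elements that enable allowLinking."""
    hits = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in ("Context", "Resources"):
            continue
        # Compared case-insensitively so "TRUE"/"True" are flagged as well.
        if elem.get("allowLinking", "false").strip().lower() == "true":
            hits.append(elem.tag)
    return hits


def fs_is_case_insensitive(directory):
    """Create a lower-case temp file and test whether its upper-case name resolves."""
    with tempfile.NamedTemporaryFile(prefix="casechk_", dir=directory) as f:
        head, name = os.path.split(f.name)
        return os.path.exists(os.path.join(head, name.upper()))


def is_risky(xml_text, case_insensitive):
    """True only for the combination the advisory warns about."""
    return bool(case_insensitive) and bool(find_allow_linking(xml_text))


if __name__ == "__main__":
    # In a real audit, probe the webapp's docBase and read its context.xml
    # (or server.xml); the temp directory is used here so the demo runs anywhere.
    ci = fs_is_case_insensitive(tempfile.gettempdir())
    print("case-insensitive filesystem:", ci)
    for label, cfg in [("tomcat7", SAMPLE_TOMCAT7),
                       ("tomcat8", SAMPLE_TOMCAT8),
                       ("safe", SAMPLE_SAFE)]:
        print(label, find_allow_linking(cfg), "RISK" if is_risky(cfg, ci) else "ok")
```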

References
Apache Tomcat Configuration Reference - The Context Container