It was possible to read the content of /EXT.INI (BadBlue configuration file) by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords.
Upgrade your software or protect it with a filtering reverse proxy.
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011