Apache Tomcat "allowLinking" on Case Insensitive Filesystems

Description

The scanner was able to read the content (source code) of an Apache Tomcat JSP file. This may indicate that the "allowLinking" flag is enabled on a case-insensitive filesystem (e.g. Windows). According to the Apache Tomcat Configuration Reference, this flag must not be set to true on the Windows platform (or any other OS which does not have a case-sensitive filesystem), as it will disable case sensitivity checks, allowing JSP source code disclosure, among other security problems.

Remediation

The "allowLinking" flag MUST NOT be set to true on the Windows platform (or any other OS which does not have a case sensitive filesystem), as it will disable case sensitivity checks, allowing JSP source code disclosure, among other security problems.
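
One way to check a host for this condition, as an added example (not part of the original advisory and not Tomcat's own tooling): the script looks for allowLinking="true" in Tomcat configuration files, on <Resources> (Tomcat 8 and later) or <Context> (Tomcat 7 and earlier), and probes whether the filesystem is case insensitive. The function names, the sample XML strings and the use of the temp directory as the probe location are assumptions; where possible, probe the directory that holds the web application instead.

```python
import os
import sys
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration (not from the original page).
SAMPLE_TOMCAT8 = '<Context><Resources allowLinking="true"/></Context>'
SAMPLE_TOMCAT7 = '<Context path="/app" allowLinking="true"/>'
SAMPLE_SAFE = '<Context><Resources allowLinking="false"/></Context>'


def find_allow_linking(xml_data):
    """Return the tags of all elements that set allowLinking to true.

    Tomcat 8+ reads the attribute on <Resources>; Tomcat 7 and earlier read
    it on <Context>. Checking every element covers both layouts.
    """
    root = ET.fromstring(xml_data)
    # Case-insensitive match is a deliberately conservative choice.
    return [el.tag for el in root.iter()
            if el.get("allowLinking", "").strip().lower() == "true"]


def fs_is_case_insensitive(directory):
    """Create a lower-case temp file and look it up by its upper-cased name."""
    with tempfile.NamedTemporaryFile(prefix="casetest_", dir=directory) as f:
        head, name = os.path.split(f.name)
        return os.path.exists(os.path.join(head, name.upper()))


def audit(paths, probe_dir):
    """Return (path, tags, case_insensitive_fs) for configs enabling the flag."""
    insensitive = fs_is_case_insensitive(probe_dir)
    findings = []
    for path in paths:
        with open(path, "rb") as fh:
            tags = find_allow_linking(fh.read())
        if tags:
            findings.append((path, tags, insensitive))
    return findings


if __name__ == "__main__":
    # Usage: python audit_allowlinking.py conf/context.xml conf/server.xml ...
    for path, tags, risky in audit(sys.argv[1:], tempfile.gettempdir()):
        level = "MUST FIX" if risky else "review"
        print(f"{level}: {path}: allowLinking=true on {', '.join(tags)}")
```

A "MUST FIX" result means the flag is enabled and the probed filesystem is case insensitive, which is the combination the remediation above prohibits.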

References