Description
Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs.
Some of these examples are a security risk and should not be deployed on a production server.
The Sessions Example servlet (installed at /examples/servlets/servlet/SessionExample) allows session manipulation. Because the session is global this servlet poses a big security risk as an attacker can potentitally become an administrator by manipulating its session.
Remediation
Disable public access to the examples directory.
References
Related Vulnerabilities
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Security Bypass (2.9.2)
WordPress Plugin AlertWire Information Disclosure (1.1.1)
Cookie signed with weak secret key
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5)