• Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server.
  The Sessions Example servlet (installed at /examples/servlets/servlet/SessionExample) allows session manipulation. Because the session is global this servlet poses a big security risk as an attacker can potentitally become an administrator by manipulating its session.

• Disable public access to the examples directory.

• • Tomcat Servlet Examples threats

• 

• CWE-264

• Configuration Information Disclosure Known Vulnerabilities

• Joomla! Core Security Bypass
• Apache Tomcat version older than 7.0.30
• WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)
• WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)
• Your SSL certificate is about to expire