• Apache Tomcat default installation contains the "/examples" directory which has many example servlets and JSPs. Some of these examples are a security risk and should not be deployed on a production server. <br/> The Sessions Example servlet (installed at <span class="bb-dark">/examples/servlets/servlet/SessionExample</span>) allows session manipulation. Because the session is global this servlet poses a big security risk as an attacker can potentitally become an administrator by manipulating its session.

• Disable public access to the examples directory.

• • Tomcat Servlet Examples threats

• 

• CWE-264

• Configuration Information Disclosure Known Vulnerabilities

• VNC does not require authentication
• Rsh service running
• nginx SPDY heap buffer overflow
• PHP allow_url_include enabled (AcuSensor)
• ASP.NET ASPX debugging enabled (AcuSensor)