Description
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Remediation
References