Description
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Remediation
References