Description

When Apache Tomcat is installed with a default configuration, several example files are also installed. These files may disclose sensitive information that could help a potential attacker.

Remediation

Remove these files from the server.

References

OWASP - Insecure Configuration Management

CWE-215: Information Exposure Through Debug Information

Related Vulnerabilities

WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

Oracle JavaServer Faces multiple vulnerabilities

WordPress full path disclosure

SAP NetWeaver server info information disclosure

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Test Files Information Disclosure