Description

When Apache Tomcat is installed with a default configuration, several example files are also installed. These files may disclose sensitive information that could help a potential attacker.

Remediation

Remove these files from the server.

References

OWASP - Insecure Configuration Management

CWE-215: Information Exposure Through Debug Information

Related Vulnerabilities

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

PHPinfo pages

Dotenv .env file

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)

SAP NetWeaver server info information disclosure

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Test Files Information Disclosure