|
Family: CGI abuses --> Category: infos
Tomcat's /admin is world readable Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of /admin
Detailed Explanation for this Vulnerability Test
The page /admin/contextAdmin/contextAdmin.html
can be accessed.
This allows a possible hacker to add context to your Tomcat
web server, and potentially to read arbitrary files
on this server.
Solution : restrict access to /admin or remove this
context, and do not run TomCat as root.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|