Family: Misc. --> Category: attack
Tomcat /status information disclosure Vulnerability Scan
Vulnerability Scan Summary: Makes a request like http://www.example.com/server-status
Detailed Explanation for this Vulnerability Test:
Requesting the URI /status gives information about the currently running Tomcat.
It also allows anybody to reset (i.e., permanently delete) the current statistics.
Threat Level: Low
Solution: If you don't use this feature, comment out the appropriate section in
your httpd.conf file. If you really need it, limit its access to
the administrator's machine.