Description
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Remediation
References