Description

When Apache Tomcat is installed with a default configuration, several example files are also installed. These files may disclose sensitive information that could help a potential attacker.

Remediation

Remove these files from the server.

References

OWASP - Insecure Configuration Management

CWE-215: Information Exposure Through Debug Information

Related Vulnerabilities

WordPress Plugin Unyson Information Disclosure (2.7.18)

ASP.NET viewstate encryption disabled

Core dump file

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Test Files Information Disclosure