Disclosure Vulnerability

Discussion in 'Security' started by huzie, May 14, 2013.

  1. huzie

    huzie Member

    Hi All,

    I have just run a Nessus scan on one of my sites and it brought back a medium level issue regarding - Apache Tomcat Directory Listing and File Disclosure

    The description is:

    Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file disclosure vulnerability.

    By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present, or obtain unprocessed source code for a JSP file.

    Also note that, when deployed with JDK 1.3.1 or earlier, Tomcat allows files outside of the application directory to be accessed because 'web.xml' files are read with trusted privileges.


    The resolution suggested is:

    Upgrade to Tomcat 4.1.18 or later.

    Only problem is I am reasonably sure I don't have Tomcat enabled. It's not selected in EasyApache.

    Apache version running is 2.2.24

    Any suggestions on how to close this vulnerability?

    Thanks
     
  2. huzie

    huzie Member

    Any ideas anyone?

    Really keen to get this resolved as we are getting lots of hacks right now.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    And you think it's due to this?

    Have you looked at the docs for Tomcat?
    Tomcat - cPanel Documentation
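
The Nessus description quoted in the first post depends on a null character in the request URL, which shows up in an Apache access log as `%00` (or `%2500` when double-encoded). The script below is an added example, not part of the thread and not cPanel or Nessus code: it flags such requests in common/combined-format log lines. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Start of an Apache common/combined log entry: client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')

def null_byte_depth(target, max_rounds=3):
    """Return how many URL-decoding rounds expose a NUL byte (0 = none found)."""
    for depth in range(1, max_rounds + 1):
        decoded = unquote(target, encoding="latin-1")
        if "\x00" in decoded:
            return depth
        if decoded == target:  # nothing left to decode
            break
        target = decoded
    return 0

def find_null_byte_requests(log_lines):
    """Return one record per request whose target decodes to a NUL byte."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        client, method, target, status = m.groups()
        depth = null_byte_depth(target)
        if depth:
            path = target.split("?", 1)[0]
            hits.append({
                "client": client,
                "target": target,
                "status": int(status),
                "encoding_rounds": depth,       # 2 or more means nested encoding
                "jsp": ".jsp" in path.lower(),  # the source-disclosure case
            })
    return hits

# Constructed sample entries (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/May/2013:10:01:05 +0000] "GET /app/%00 HTTP/1.1" 404 210',
    '198.51.100.7 - - [14/May/2013:10:01:06 +0000] "GET /app/login.jsp%2500 HTTP/1.1" 404 210',
    '192.0.2.10 - - [14/May/2013:10:01:09 +0000] "GET /search?q=100%25 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_null_byte_requests(SAMPLE_LOG):
        print(hit)
```

The status code recorded for each hit shows how the server answered the request, which helps separate scanner probes that were rejected from ones that returned content.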
     