Hi All,
I have just run a Nessus scan on one of my sites and it brought back a medium-level issue: Apache Tomcat Directory Listing and File Disclosure.
The description is:
Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file disclosure vulnerability.
By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present, or obtain unprocessed source code for a JSP file.
Also note that, when deployed with JDK 1.3.1 or earlier, Tomcat allows files outside of the application directory to be accessed because 'web.xml' files are read with trusted privileges.
The resolution suggested is:
Upgrade to Tomcat 4.1.18 or later.
Only problem is I am reasonably sure I don't have Tomcat enabled. It's not selected in EasyApache.
Apache version running is 2.2.24.
Any suggestions on how to close this vulnerability?
Thanks