The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disclosure Vulnerability

Discussion in 'Security' started by huzie, May 14, 2013.

  1. huzie

    huzie Member

    Joined:
    Mar 8, 2011
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Hi All,

    I have just run a Nessus scan on one of my sites and it brought back a medium level issue regarding - Apache Tomcat Directory Listing and File Disclosure

    The description is:

    Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file disclosure vulnerability.

    By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present, or obtain unprocessed source code for a JSP file.

    Also note that, when deployed with JDK 1.3.1 or earlier, Tomcat allows files outside of the application directory to be accessed because 'web.xml' files are read with trusted privileges.


    The resolution suggested is:

    Upgrade to Tomcat 4.1.18 or later.

    Only problem is I am reasonably sure I don't have Tomcat enabled. Its not selected in easy apache.

    Apache version running is 2.2.24

    any suggestions on how to close this vulnerability?

    thanks
     
  2. huzie

    huzie Member

    Joined:
    Mar 8, 2011
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Any ideas anyone?

    Really keen to get this resolved as we are getting lots of hacks right now
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    And you think its due to this?

    Have you looked at the docs for Tomcat?
    Tomcat - cPanel Documentation
     
Loading...

Share This Page