Tomcat example-application information-leakage vulnerability and its remediation

Tomcat is an open-source web application server. As a lightweight application server it is widely used for small and medium-sized systems and for applications with a modest number of concurrent users, and it is the preferred environment for developing and debugging JSP programs.

Vulnerability Description

Tomcat is usually installed by downloading the distribution package and simply extracting it. By default, the Tomcat web root of that package contains the servlets-examples and tomcat-docs directories, and some of the sample applications in those directories carry security risks.

For example, the session sample (/examples/servlets/servlet/SessionExample) lets a user view and manipulate session attributes, which may be exploited to bypass the site's login authentication mechanism.

Affected scope

All versions of Tomcat

Remediation

Because the sample applications are not needed under normal circumstances, we recommend deleting the servlets-examples and tomcat-docs directories after Tomcat has been deployed.

Note: make a backup or create a snapshot before modifying anything.
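The following POSIX shell script is an added example, not part of the original post and not a Tomcat project tool. It audits a Tomcat installation for the bundled sample webapps, copies them to a backup directory (as the note above advises), and then removes them. It assumes the standard layout `$CATALINA_HOME/webapps/<app>` and checks both the older directory names the post mentions (servlets-examples, jsp-examples, tomcat-docs) and the names used by current Tomcat releases (examples, docs); the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Tomcat install for the
# bundled sample webapps and remove them after taking a backup copy.
# Assumption: webapps live directly under the directory passed as argument,
# i.e. the standard $CATALINA_HOME/webapps layout.

# Old naming (Tomcat 5.x era) and current naming (examples, docs).
SAMPLE_WEBAPPS="servlets-examples jsp-examples tomcat-docs examples docs"

# Print, one per line, the sample webapp directories present under $1.
find_sample_webapps() {
    webapps_dir="$1"
    for name in $SAMPLE_WEBAPPS; do
        if [ -d "$webapps_dir/$name" ]; then
            echo "$name"
        fi
    done
}

# Copy every sample webapp under $1 into the backup directory $2, then delete
# it from the webapps directory. Other webapps (ROOT, your own apps) are untouched.
remove_sample_webapps() {
    webapps_dir="$1"
    backup_dir="$2"
    found=$(find_sample_webapps "$webapps_dir")
    if [ -z "$found" ]; then
        echo "no sample webapps found under $webapps_dir"
        return 0
    fi
    mkdir -p "$backup_dir"
    for name in $found; do
        cp -R "$webapps_dir/$name" "$backup_dir/"   # backup first, as advised
        rm -rf "$webapps_dir/$name"
        echo "removed $webapps_dir/$name (backup in $backup_dir/$name)"
    done
}

# Demo on a constructed, throw-away installation so the script runs offline.
demo_on_constructed_install() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/webapps/ROOT" "$tmp/webapps/myapp" \
             "$tmp/webapps/examples/servlets/servlet" "$tmp/webapps/docs"
    echo "before: $(find_sample_webapps "$tmp/webapps" | tr '\n' ' ')"
    remove_sample_webapps "$tmp/webapps" "$tmp/webapps-backup"
    echo "after:  $(find_sample_webapps "$tmp/webapps" | tr '\n' ' ')"
    rm -rf "$tmp"
}

# Run the demo with `sh audit_tomcat_samples.sh --demo`; on a real server call
# remove_sample_webapps "$CATALINA_HOME/webapps" /root/tomcat-sample-backup
case "${1:-}" in
    --demo) demo_on_constructed_install ;;
esac
```

After removal, restart Tomcat and confirm the paths are no longer served (a request to /examples/ or /docs/ should return 404). On a real server the backup directory must be outside the webapps tree, otherwise Tomcat would auto-deploy the copies again.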



Source: www.cnblogs.com/zhangliang88/p/10956179.html