This script is Copyright (C) 2000-2014 Tenable Network Security, Inc.
It may be possible to access arbitrary files from the remote system.
The page /admin/contextAdmin/contextAdmin.html
can be accessed.
This allows an attacker to add context to your Tomcat
web server, and potentially to read arbitrary files
on this server.
restrict access to /admin or remove this
context, and do not run Tomcat as root.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 7.4
Family: Web Servers
Nessus Plugin ID: 10477 ()
Bugtraq ID: 1548
CVE ID: CVE-2000-0672
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.