Tomcat /status Information Disclosure

This script is Copyright (C) 2003-2012 StrongHoldNet

Synopsis :

The remote web server has an information disclosure vulnerability.

Description :

Requesting the URI '/status' gives information about the currently
running instance of the remote web server (most likely Apache Tomcat).
It also allows anybody to reset the current statistics. A remote
attacker could use this information to mount further attacks.

Solution :

Disable this feature if it is not being used. Otherwise, restrict
access to it.

Risk factor :

Medium / CVSS Base Score : 6.4

Family: Web Servers

Nessus Plugin ID: 11218 ()

Bugtraq ID: