Tomcat /status Information Disclosure

This script is Copyright (C) 2003-2012 StrongHoldNet


Synopsis :

The remote web server has an information disclosure vulnerability.

Description :

Requesting the URI '/status' gives information about the currently
running instance of the remote web server (most likely Apache Tomcat).
It also allows anybody to reset the current statistics. A remote
attacker could use this information to mount further attacks.

Solution :

Disable this feature if it is not being used. Otherwise, restrict
access to it.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Family: Web Servers

Nessus Plugin ID: 11218

Bugtraq ID:

CVE ID: