This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote Apache Tomcat service is affected by an information
The remote web server contains an information disclosure
vulnerability. The full install path of Apache Tomcat can be obtained
by sending an HTTP request which contains a long URL.
Note that there reportedly is an additional install path disclosure
vulnerability in this version of Apache Tomcat, although Nessus has
not tested for it explicitly.
See also :
Update to Apache Tomcat version 4.0.2 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true