Tomcat /status Information Disclosure

This script is Copyright (C) 2003-2016 StrongHoldNet

Synopsis :

The remote web server is affected by an information disclosure

Description :

Requesting the URI '/status' gives information about the currently
running instance of the remote web server (most likely Apache Tomcat).
It also allows anybody to reset the current statistics. A remote
attacker can use this information to mount further attacks.

Solution :

Disable this feature if it is not being used. Otherwise, restrict
access to it.
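One way to confirm the fix on a server you administer, as an added example that is not part of the plugin or its output: request '/status' without credentials and classify the answer by HTTP status code. The verdict labels and function names are this example's own, and treating 401/403 as "restricted" and 404/410 as "absent" is an assumption about how the restriction is implemented.

```python
import sys
import urllib.error
import urllib.request

STATUS_PATH = "/status"  # the URI named in the description above

# Verdict labels are this example's own, not Nessus output.
EXPOSED, RESTRICTED, ABSENT, UNKNOWN = "exposed", "restricted", "absent", "unknown"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a 3xx (e.g. to a login page) is reported as-is."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx code


def classify(code):
    """Map the HTTP status of an unauthenticated GET /status to a verdict."""
    if 200 <= code < 300:
        return EXPOSED      # page answered without credentials: review its content
    if code in (401, 403):
        return RESTRICTED   # access control is in front of the page
    if code in (404, 410):
        return ABSENT       # feature disabled or not mapped
    return UNKNOWN          # redirects, 5xx, etc. need a manual look


def check_status_page(base_url, timeout=5.0):
    """Send one unauthenticated GET to <base_url>/status and return a verdict."""
    # ProxyHandler({}) ignores proxy environment variables: talk to the host directly.
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    req = urllib.request.Request(base_url.rstrip("/") + STATUS_PATH, method="GET")
    try:
        with opener.open(req, timeout=timeout) as resp:
            code = resp.status
    except urllib.error.HTTPError as err:
        code = err.code     # 3xx/4xx/5xx arrive here
    except (urllib.error.URLError, OSError):
        return UNKNOWN      # host unreachable, TLS failure, timeout
    return classify(code)


if __name__ == "__main__":
    # Usage: python check_status.py http://host:8080 [more base URLs ...]
    for base in sys.argv[1:]:
        print(f"{base}{STATUS_PATH}: {check_status_page(base)}")
```

Run it from a network position outside the allowed management range; "exposed" from there means the restriction is not in effect.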

Risk factor :

Medium / CVSS Base Score : 6.4

Family: Web Servers

Nessus Plugin ID: 11218
