Apache Tomcat contextAdmin Arbitrary File Access
High Nessus Plugin ID 10477
Synopsis
The remote Apache Tomcat web server is affected by an arbitrary file access vulnerability.

Description
The page /admin/contextAdmin/contextAdmin.html can be accessed. An attacker can exploit this to read arbitrary files.

Solution
Restrict access to /admin or remove this context, and do not run Tomcat as root.