Tomcat /status Information Disclosure
Medium Nessus Plugin ID 11218
Synopsis
The remote web server is affected by an information disclosure vulnerability.

Description
Requesting the URI '/status' gives information about the currently running instance of the remote web server (most likely Apache Tomcat). It also allows anybody to reset the current statistics. A remote attacker can use this information to mount further attacks.

Solution
Disable this feature if it is not being used. Otherwise, restrict access to it.
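
One way to confirm that a restriction on '/status' is effective, as an added example that is not part of the plugin or of Tomcat: scan the web server's access log for successful '/status' responses sent to clients outside the networks meant to see the page. The trusted networks, the Common Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: only these networks (loopback, a monitoring subnet) may view /status.
TRUSTED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.5.0/24")]

# Assumption: the access log uses Common Log Format.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_status_path(target):
    """True when the request target is /status, ignoring query string and trailing slash."""
    return urlsplit(target).path.rstrip("/") == "/status"

def exposed_status_hits(lines, trusted=TRUSTED):
    """Return (ip, method, target, code) for 2xx /status responses to untrusted clients."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or not is_status_path(m["target"]):
            continue
        if not m["status"].startswith("2"):
            continue  # 401/403/404 means the request was refused
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client logged as a hostname; resolve it separately
        if not any(ip in net for net in trusted):
            hits.append((str(ip), m["method"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '10.0.5.17 - - [12/Mar/2024:10:00:01 +0000] "GET /status HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2024:10:02:44 +0000] "GET /status HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2024:10:02:50 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.23 - - [12/Mar/2024:10:05:12 +0000] "GET /status HTTP/1.1" 403 199',
    '198.51.100.77 - - [12/Mar/2024:10:07:30 +0000] "GET /status/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in exposed_status_hits(SAMPLE):
        print("exposed /status response:", hit)
```

Any hit means the page is still reachable from an address that should have been refused.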