Apache Tomcat < 8.0.30 Directory Disclosure
Medium Nessus Plugin ID 121123
Synopsis
The remote Apache Tomcat server is affected by an information disclosure vulnerability.
Description
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 8.0.30. It is, therefore, affected by an information disclosure vulnerability:
- An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Tomcat version 8.0.30 or later.