Novell NetWare 6.0 Tomcat source.jsp Traversal Arbitrary File Access
High Nessus Plugin ID 12119
Synopsis: Sensitive data can be read on the remote data.
Description: The Apache Tomcat server distributed with NetWare 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the NetWare server, such as the RCONSOLE password located in AUTOEXEC.NCF.
Solution: Upgrade Tomcat to the latest version, or disable the service if it is not required.
Remove default files from the web server. Also, ensure the RCONSOLE password is encrypted and use a password-protected screensaver for console access.
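To check whether the traversal described above has already been attempted, the web server's access log can be searched for requests to source.jsp that carry a parent-directory sequence once percent-encoding is removed. The following is an added example, not part of the Nessus plugin; it assumes Common Log Format, and the sample log lines, the `file` parameter name and the helper names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request portion of a Common Log Format line (assumed log format).
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# ".." used as a path element, with either slash style, anywhere in the target.
DOTDOT = re.compile(r'(^|[/\\?=&])\.\.([/\\]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_hits(lines):
    """Return (client_ip, status, raw_target) for suspicious source.jsp requests."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        decoded = fully_decode(m.group("target"))
        path = decoded.split("?", 1)[0]
        # NetWare file names are case-insensitive, so compare in lower case.
        if not path.lower().endswith("source.jsp"):
            continue
        if DOTDOT.search(decoded):
            hits.append((m.group("ip"), m.group("status"), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges, invented parameter name).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2004:10:01:22 +0000] "GET /source.jsp?file=..%2f..%2fsystem%2fautoexec.ncf HTTP/1.0" 200 512',
    '198.51.100.77 - - [12/Mar/2004:10:02:05 +0000] "GET /SOURCE.JSP?file=%252e%252e%255c%252e%252e%255cautoexec.ncf HTTP/1.0" 404 0',
    '192.0.2.33 - - [12/Mar/2004:10:03:40 +0000] "GET /source.jsp?file=hello.jsp HTTP/1.0" 200 2048',
    '192.0.2.44 - - [12/Mar/2004:10:04:11 +0000] "GET /index.html?next=../home HTTP/1.0" 200 128',
]

if __name__ == "__main__":
    for ip, status, target in find_traversal_hits(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

A hit with a 200 status is the case to treat as possible disclosure and a reason to rotate the RCONSOLE password; hits with other statuses still show that the server was probed.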