Apache Tomcat /status Information Disclosure
Medium Nessus Network Monitor Plugin ID 1462
Synopsis
The remote host may give an attacker information useful for future attacks.
Description
The remote host is running the Tomcat web server with the special /status page enabled. By requesting this URI, an attacker may obtain information about the status of the remote host and may also be able to reset the server's statistics.
Solution
If you do not use this feature, comment out the appropriate section in your httpd.conf file. If you really need it, limit access to the administrator's host.