Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Tomcat /status Information Disclosure



The remote host may give an attacker information useful for future attacks.


The remote host is running the Tomcat web server, with the /status special page set. By requesting this URI, an attacker may obtain information about the status of the remote host and may also be able to reset the statistics of the server.


If you do not use this feature, comment out the appropriate section in your httpd.conf file. If you really need it, limit access to the administrator's host.