jgraph / docker-drawio

Dockerized draw.io based on whichever is the most secure image at the time.
GNU General Public License v3.0

[Security] Tomcat Security #88

Closed mgoeppl closed 1 year ago

mgoeppl commented 2 years ago

Hi, my OpenVAS tests in my local infrastructure returned the following after scanning my device; this is for the latest docker container.

Summary

The Apache Tomcat servlet/JSP container has default files installed.

Detection Result

The following default files were found:
https://ip:8443/examples/servlets/index.html
https://ip:8443/examples/jsp/snp/snoop.jsp
https://ip:8443/examples/jsp/index.html

Product Detection Result

Product: cpe:/a:apache:tomcat:9.0.20
Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652)

Insight

Default files, such as documentation, default Servlets and JSPs, were found on the Apache Tomcat servlet/JSP container.

Detection Method

Details: Apache Tomcat servlet/JSP container default files
OID: 1.3.6.1.4.1.25623.1.0.12085
Version used: 2020-05-08T08:34:44Z

Impact

These files should be removed as they may help an attacker to guess the exact version of Apache Tomcat which is running on this host and may provide other useful information.

Solution

Solution Type: Mitigation
Remove default files, example JSPs and Servlets from the Tomcat Servlet/JSP container.
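The mitigation the scanner recommends, as an added example that is not part of the docker-drawio project: a small POSIX shell helper that strips the stock Tomcat sample webapps (the `/examples/` paths flagged above, plus the docs and manager apps) from a Tomcat install and can be re-run as a check that none remain. The `CATALINA_HOME` default of `/usr/local/tomcat` is an assumption; `ROOT` is deliberately left alone because that is where an application such as draw.io is normally deployed.

```shell
#!/bin/sh
# Added example, not code from the docker-drawio image. Removes the default
# Tomcat webapps that the OpenVAS "default files" finding points at and
# verifies the result. Assumes a standard Tomcat layout under CATALINA_HOME
# (the /usr/local/tomcat default below is an assumption).

# Webapps shipped with every Tomcat distribution that a production image does
# not need. "examples" is the one the scan hit (/examples/servlets, /examples/jsp).
# ROOT is intentionally NOT listed: the real application usually lives there.
TOMCAT_DEFAULT_APPS="examples docs manager host-manager"

# remove_tomcat_defaults [CATALINA_HOME]
# Deletes each default webapp directory and any matching .war, if present.
# Returns 1 only when the webapps directory itself does not exist.
remove_tomcat_defaults() {
    catalina_home="${1:-/usr/local/tomcat}"
    webapps="$catalina_home/webapps"
    [ -d "$webapps" ] || { echo "no webapps dir at $webapps" >&2; return 1; }
    for app in $TOMCAT_DEFAULT_APPS; do
        rm -rf "$webapps/$app" "$webapps/$app.war"
    done
    return 0
}

# list_tomcat_defaults [CATALINA_HOME]
# Prints every default webapp still deployed. Returns 1 if any were found,
# 0 if the webapps directory is clean, so it can gate an image build.
list_tomcat_defaults() {
    catalina_home="${1:-/usr/local/tomcat}"
    webapps="$catalina_home/webapps"
    found=0
    for app in $TOMCAT_DEFAULT_APPS; do
        if [ -e "$webapps/$app" ] || [ -e "$webapps/$app.war" ]; then
            echo "default webapp still present: $webapps/$app"
            found=1
        fi
    done
    return $found
}
```

In a Dockerfile the two functions would run in a single `RUN` step after the base image is pulled, so the layer that ships never contains the sample apps.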

m-mohamedin commented 1 year ago

Fixed in the latest release. Thanks for the report.