DX NetOps

Spec KB:  JSPs and Servlets vulnerability in Cabi 3.3

  • 1.  Spec KB:  JSPs and Servlets vulnerability in Cabi 3.3

    Posted 09-04-2014 01:42 PM

    Document ID:    TEC605960

     

    Spec KB:  JSPs and Servlets vulnerability in Cabi 3.3

     

    Description:


    When performing security assessment using a tool named Nessus, the following vulnerability files are found under Apache tomcat directory.


    Vulnerability:


    Example JSPs and Servlets are installed in the remote Apache Tomcat> servlet/JSP directories


    Recommendation:


    Review the files and delete those that are not needed.

    /examples/servlets/index.html
    /examples/jsp/snp/snoop.jsp
    /examples/jsp/index.html


    Path of the files:


    /opt/CA/SharedComponents/CommonReporting3/bobje/enterprise120/warfiles/WebApps/examples/jsp/snp/snoop.jsp /opt/CA/SharedComponents/CommonReporting3/bobje/tomcat/webapps/examples/jsp/snp/snoop.jsp /opt/CA/SharedComponents/CommonReporting3/bobje/tomcat/webapps/examples/jsp/index.html /opt/CA/SharedComponents/CommonReporting3/bobje/tomcat/webapps/examples/servlets/index.html


    Please select the following link for more information on this subject:


    Knowledge Document Link:


      https://comm.support.ca.com/?legacyid=TEC605960