Published on: 2017-04-04 16:52:39

Apache Tomcat Vulnerabilities Found Using DefenseCode ThunderScan SAST

by: DefenseCode Team

During a source code security analysis of Apache Tomcat with the DefenseCode ThunderScan SAST solution, two different security issues were discovered, both ranked as medium risk. When exploited, the discovered vulnerabilities can be abused to disclose and retrieve arbitrary files on the server, such as the Apache Tomcat configuration file containing plain-text usernames and passwords, or any other file that Apache Tomcat has permission to access.

Full vulnerability details are published as an advisory, which includes ThunderScan screenshots for a better understanding of the vulnerability.


DefenseCode Team