by: DefenseCode

During a source code security analysis of Apache Tomcat with the DefenseCode ThunderScan SAST solution, two different security issues were discovered, ranked as medium risk. When exploited, the discovered vulnerabilities can be used to disclose and retrieve arbitrary files on the server, such as the Apache Tomcat configuration file with plain-text usernames and passwords, or any other file that Apache Tomcat has permission to access.

Full vulnerability details are published as an advisory and include ThunderScan screenshots for better understanding of the vulnerability.


DefenseCode Team