Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability

Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation.

Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the source.jsp page is passed a malformed request, it may leak information. This information may include the web root directory, and possibly a directory listing.