guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Bradford <chrismbradf...@outlook.com>
Subject Docker images scanned with OpenVAS :: NVT: Apache Tomcat servlet/JSP container default files
Date Thu, 25 May 2017 19:27:38 GMT
When using OpenVAS <http://www.openvas.org/> to scan a Docker host (Ubuntu 16.04 LTS)
running the guacamole/guacd and guacamole/guacamole docker containers the vulnerability below
is detected.


Whilst not overly concerning, I was just wondering if at next release this can be addressed,
or am I missing something where I can do this myself at image pull/ run?


Thanks,


Chris


----------------------------------------------------------------------


NVT: Apache Tomcat servlet/JSP container default files
Config:
Family: Web Servers
OID:    1.3.6.1.4.1.25623.1.0.12085
Version:        $Revision: 4355 $


Summary

The Apache Tomcat servlet/JSP container has default files installed.

Vulnerability Scoring
CVSS base:
6.8

CVSS base vector:

Vulnerability Insight

Default files, such as documentation, default Servlets and JSPs were found on the Apache Tomcat
servlet/JSP container.

Vulnerability Detection Method

Quality of Detection: remote_vul (99%)

Impact

These files should be removed as they may help an attacker to guess the exact version of the
Apache Tomcat which is running on this host and may provide other useful information.

Solution

Solution type: [Mitigation]  Mitigation

Remove default files, example JSPs and Servlets from the Tomcat Servlet/JSP container.


Mime
View raw message