12 March 2013

Security tips: Delete Tomcat examples folder

According to the blog entry "Tomcat Servlet Examples threats" on ONsec, which recommends:
"We strongly recommend disabling public access to the /examples directory again."
The reasons given:
  • Bypassing HttpOnly cookie protection
  • Cookie manipulation for CSRF
  • Session manipulation
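A small hardening script for that recommendation, added here as an example (it is not from the ONsec post or from the Tomcat project). It assumes the standard Tomcat layout under the installation root passed as its first argument: the exploded webapps/examples directory, an optional examples.war, and an optional per-host context file conf/Catalina/localhost/examples.xml.

```shell
#!/bin/sh
# Remove the Tomcat "examples" web application from the installation rooted
# at $1 (CATALINA_BASE or CATALINA_HOME). Layout assumed: standard Tomcat,
# default engine/host names "Catalina"/"localhost" for the context file.
remove_tomcat_examples() {
  base="$1"
  [ -d "$base/webapps" ] || { echo "no webapps directory under $base" >&2; return 2; }
  removed=0
  # Exploded web application directory
  if [ -d "$base/webapps/examples" ]; then
    rm -rf "$base/webapps/examples"
    removed=1
  fi
  # Archive, if present; left in place, autoDeploy would redeploy it
  if [ -f "$base/webapps/examples.war" ]; then
    rm -f "$base/webapps/examples.war"
    removed=1
  fi
  # Per-host context descriptor that could point at a copy elsewhere
  if [ -f "$base/conf/Catalina/localhost/examples.xml" ]; then
    rm -f "$base/conf/Catalina/localhost/examples.xml"
    removed=1
  fi
  if [ "$removed" -eq 1 ]; then
    echo "removed examples webapp from $base"
  else
    echo "examples webapp not present under $base"
  fi
  return 0
}

# Check that nothing deployable named "examples" remains; returns 0 when clean.
tomcat_examples_absent() {
  base="$1"
  [ ! -e "$base/webapps/examples" ] &&
  [ ! -e "$base/webapps/examples.war" ] &&
  [ ! -e "$base/conf/Catalina/localhost/examples.xml" ]
}

# Usage: ./remove_tomcat_examples.sh /opt/tomcat
if [ "$#" -ge 1 ]; then
  remove_tomcat_examples "$1"
  tomcat_examples_absent "$1" && echo "verified: examples webapp absent"
fi
```

Afterwards confirm that requests to /examples/ on the server return 404 and not the examples index; with autoDeploy enabled Tomcat undeploys the removed application at runtime, otherwise restart it.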