Hi,

We have a web server hosted on Tomcat 7.0.22. There are two connectors defined in server.xml, listening on ports 8080 and 8443.

During a vulnerability scan, a 3rd party tool reported CVE-2007-0450 “Apache Tomcat Directory Traversal Attack” on both ports 8080 and 8443. The tool was able to access the Tomcat manager application with the following URL:

http://localhost:8080/scripts/\../manager/html

As per the Tomcat security documents, the issue is not present in Tomcat 7. Is there anything wrong in our web application deployment?

Any help appreciated.

Thanks & Regards,
Aditi