CSAL#64

Security Notification # CSAL64			Advisory Title: Apache Tomcat Default Files
Document ID:	TAS/PRD/GEN/SN-CSAL#64	Document Name:	Security Notification # CSAL64	Doc. Rev.:	0

Publication Date	15-Jan-24	Incident Source	CSAL64	CVE / Vulnerability Reference	OWASP(A6)
Last Update	06-Feb-24	Reported By	Valency Networks Testing Agency	Advisory ID#	Posting Not Started Yet
Current Version	WP500 FW 0.6.6	CVSS Score	6

Vulnerability Description		Apache Tomcat Default Files. The remote web server contains default files.
Impact		The presence of default files on an Apache Tomcat server under OWASP A6: Security Misconfiguration can lead to information disclosure, unauthorized access, and exploitation of known vulnerabilities. This vulnerability arises because default installations may contain sensitive information, unnecessary services, or known vulnerabilities. The impact includes potential unauthorized access, data breaches, and system compromise. Mitigation involves removing unnecessary files, changing default credentials, applying updates, and securing server configurations.
Affected products		WP500 Firmware 0.65 Version
Temporary Fix / Mitigation		Please update to firmware version 0.6.6.
Acknowledgment		Valency Networks , Pune
History		NA
Classification of Vulnerability