Netsparker identified that the target Tomcat web server discloses server-side source code. An attacker might obtain the web application's server-side source code, which can contain sensitive data such as database connection strings, usernames and passwords, along with the technical and business logic of the application.
Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks:
Actions to Take
Required Skills for Successful Exploitation
This depends on the information obtained from the source code. Uncovering these forms of vulnerabilities does not require a high level of skill. However, a highly skilled attacker could leverage this form of vulnerability to obtain account information for databases or administrative panels, ultimately leading to control of the application or even the host that the application resides on.