Posted by Juan Martinez on Jul 13

Hi everyone, i found a bug in servers Apache Tomcat who performs access at
all directories.
The bug is exploit by a Dork in Google, the
PoC is: allintitle:”Directory Listing For / (directory like access”/”
For example: allintitle:”Directory Listing For / root/”
This Dork access with dir root whithout passwords and the servers are
Apache Tomcat.
I advice update the Apache Tomcat for fix this bug or control with login.
Best…