The consultant identified that there is an unauthenticated installation of apache tomcat installed on the affected host. This particular installation has the /examples directory exposed which contains several scripts that execute server side code, these scripts can also be leveraged to carry out other attacks.
This issue has been marked as medium due to the amount of executable scripts that are available in both the jsp and servlets directories. Both of which can lead to:
Implement http authentication on the affected directories, or alternatively remove the examples folder entirely to prevent the attack surface. Consider following a lockdown procedure against the installation and updating Tomcat to a newer instance.
GET /examples/jsp/index.html HTTP/1.1 Host: oneclickdrsfdc-test.informatica.com Accept: */* Accept-Language: en Connection: close
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"16288-1367228170000" Last-Modified: Mon, 29 Apr 2013 09:36:10 GMT Content-Type: text/html Content-Length: 16288 Date: Sat, 25 Jun 2016 11:39:21 GMT Connection: close ---SNIP--- --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="GENERATOR" content="Mozilla/4.61 [en] (WinNT; I) [Netscape]"> <meta name="Author" content="Anil K. Vijendran"> <title>JSP Examples</title> </head> ---SNIP---