HTTP Plain Text Basic Authentication; not disabling AutoComplete, Apache Tomcat OM Web Viewer 12.1

Article ID: 135334


Products

Output Management Web Viewer

Issue/Introduction

A vulnerability scan found these three problems with Apache Tomcat® running with OM Web Viewer 12.1:

  1. Security Finding #1 (port 8443): AutoComplete Attribute Not Disabled for Password in Form Based Authentication. Request: GET /examples/jsp/security/protected/ HTTP/1.1
  2. Security Finding #2 (port 15100): Web Server Uses Plain Text Basic Authentication. Request: GET /manager/status HTTP/1.1
  3. Security Finding #3 (port 8080): AutoComplete Attribute Not Disabled for Password in Form Based Authentication. Request: GET /examples/jsp/security/protected/ HTTP/1.1

Environment

  • Apache Tomcat®
  • Output Management Web Viewer 12.1

Cause

Security Findings #1 and #3 are in the Tomcat-supplied "examples" application.

Security Finding #2 is caused by the Tomcat-supplied "manager" application, which has been configured for use.

Resolution

  1. Security Finding #1 (port 8443) may be resolved by undeploying the examples application. The examples application is not utilized by OM Web Viewer 12.1.
  2. Security Finding #2 (port 15100) may be resolved by undeploying the Tomcat Manager, which was set up for use with a userid and password while troubleshooting a problem.
  3. Security Finding #3 (port 8080) may also be resolved by undeploying the examples application. The examples application is not utilized by OM Web Viewer 12.1.
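
One way to confirm that the undeploy steps above took effect on each Tomcat instance, as an added example that is not part of the original article or the product. It assumes Tomcat's default appBase (`webapps`) and default engine/host names (`Catalina`/`localhost`); the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): report whether the Tomcat-supplied
# "examples" and "manager" applications are still deployed under a given
# CATALINA_BASE.
#
# Assumptions: default appBase ("webapps") and default engine/host names
# ("Catalina"/"localhost") for context descriptors. An application deployed
# under a different context path or appBase is not detected here.

# Prints one "<app><TAB><path>" line per remaining artifact.
# Returns 0 when nothing remains, 1 when at least one artifact is found.
check_default_apps_removed() {
    base=$1
    remaining=0
    for app in examples manager; do
        for path in \
            "$base/webapps/$app" \
            "$base/webapps/$app.war" \
            "$base/conf/Catalina/localhost/$app.xml"
        do
            # Expanded directory, packed WAR, or context descriptor:
            # any one of them is enough for Tomcat to serve the app.
            if [ -e "$path" ]; then
                printf '%s\t%s\n' "$app" "$path"
                remaining=1
            fi
        done
    done
    return "$remaining"
}

# Run the check when CATALINA_BASE is set in the environment.
if [ -n "${CATALINA_BASE:-}" ]; then
    check_default_apps_removed "$CATALINA_BASE" ||
        echo "default applications still deployed" >&2
fi
```

Run it once per Tomcat instance, since the three findings were reported on different ports, then rescan to confirm the findings are gone.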