Is Clarity & Jaspersoft Vulnerable to Apache Tomcat Default Files Vulnerability?
Also can the below files be removed from Clarity & Jaspersoft Tomcat Folders?
Release : Any Supported release of Clarity & Jaspersoft
Clarity is deployed as managed service so for an exploiter to hit the below mentioned URL is not possible, even though the base Tomcat folder will have docs & example folder. However as soon as clarity is started there is tomcat folder gets deployed under clarity folder as tomcat-nsa-deploy & tomcat-app-deploy and in those folders docs and example folders are not available. However those files can still be deleted from base Tomcat folder
In Jaspersoft by default the above mentioned URL can be exploited and its recomended to delete the docs & example folder under tomcat_home\webapps folder. In order to do that follow the below steps