Some security scanners (such as WebInspect) may report *.gz files served by TDM Portal to be a risk factor.
A sample result from WebInspect reads as follows:
Webinspect has detected an archive file with the .gz extension on the target server. The severity of the threats posed by the web-accessible backup files depends on the sensitivity of the information stored in original document. Based on that information, an attacker can gain sensitive information about the site architecture, database and network access credential details, encryption keys, and so forth from these files. The attacker can use information obtained to craft precise targeted attacks, which may not otherwise be feasible, against the application.
The URL provided will look like this:
https://[TDM PORTAL HOSTNAME]:8443/TestDataManager/assets/font/casans/[FILE NAME].gz
Some compressed font and library files were inadvertently left over in 2 directories.
All *.gz files in the following directories can be safely deleted:
Once deleted the scan should no longer report these as vulnerable or threats.