All Products
Document Center

[Vulnerability notice] Java web.xml information leakage vulnerability

Last Updated: May 07, 2018


The web.xml of Java applications is located in the WEB-INF directory. However, the WEB-INF directory may be accessed by external users because of improper configuration, resulting in the leakage of configuration information.


Re-configure the permissions for the WEB-INF directory.

Note: Take a backup before making any changes, or create a hard disk snapshot for ECS.