Tomcat is a lightweight open-source web application server. It is widely used in small and medium-sized systems and in scenarios with few concurrent accesses. It is also the first choice for JSP program development and debugging.
In general, you can directly download and extract the source code package to use Tomcat.
By default, the tomcat-docs directories are included in the Tomcat source code package. These directories contain a number of examples, but some of them have security risks.
For example, the session example (/examples/servlets/servlet/SessionExample) allows users to manipulate the session. Hackers may exploit this sample to bypass website authentication and directly log on to the backend.
All versions of Tomcat
Because the example feature is not generally required, we recommend that you directly delete the tomcat-docs directories after the deployment.
Note: Make a backup before making any changes, or create a hard disk snapshot for ECS.
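One way to carry out the recommendation above on a host, as an added example that is not part of the original advisory: the script lists leftover sample webapps and removes them only after a backup archive has been written. It assumes the webapps are deployed under `<tomcat dir>/webapps` and that the sample application behind `/examples/` lives in a directory named `examples`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original advisory.
# Assumption: webapps are deployed under <tomcat dir>/webapps.
# "tomcat-docs" is named in the advisory; "examples" is assumed from the URL path.
SAMPLE_APPS="examples tomcat-docs"

# Print every sample webapp directory that is present, one per line.
# A line is tagged [session-example] when files named SessionExample* exist in it.
find_sample_apps() {
    base=$1
    for app in $SAMPLE_APPS; do
        dir="$base/webapps/$app"
        if [ -d "$dir" ]; then
            if [ -n "$(find "$dir" -name 'SessionExample*' -print 2>/dev/null | head -n 1)" ]; then
                printf '%s [session-example]\n' "$dir"
            else
                printf '%s\n' "$dir"
            fi
        fi
    done
}

# Archive the sample webapps into a tarball, then delete them.
# Nothing is deleted unless the backup archive was written successfully.
remove_sample_apps() {
    base=$1
    backup=$2
    set --   # reuse the function's positional parameters as a path list
    for app in $SAMPLE_APPS; do
        if [ -d "$base/webapps/$app" ]; then set -- "$@" "webapps/$app"; fi
    done
    if [ "$#" -eq 0 ]; then return 0; fi
    tar -czf "$backup" -C "$base" "$@" || {
        echo "backup failed; nothing removed" >&2
        return 1
    }
    for rel in "$@"; do rm -rf -- "${base:?}/$rel"; done
}

# Audit only (no deletion) when run directly with a Tomcat directory argument.
if [ "$#" -ge 1 ]; then find_sample_apps "$1"; fi
```

Run the script with the Tomcat directory as its argument to audit; call `remove_sample_apps <tomcat dir> <backup.tgz>` to archive and delete.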
Learn more: Harden Tomcat.