source: http://www.securityfocus.com/bid/4878/info Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the realPath.jsp page is accessed, it may leak information. Upon being accessed, the realPath.jsp page will display the web root directory of the Tomcat implementation. http://example.com/test/realPath.jsp