Java : Suspicious access to META-INF and WEB-INF folders


Description: This protection makes it possible to control HTTP access to the configuration folder (WEB-INF) and to the source code and classes (META-INF) of a Java-based web server (Tomcat, JBoss, ...). Normally, these files are not available through an HTTP connection.

Default configuration:

Profiles      High    Medium   Low     Internet
Action        Pass    Pass     Pass    Pass
Alarm Level   Major   Minor    Minor   Minor
     
References  
     
Available since: ASQ v3.5.0
     
Protects:
  JBoss Application Server (WildFly) Blacklist Bypass Vulnerability (fixed by 10.0.0.Final)
  Thermostat "web.xml" Information Disclosure Vulnerability
  ToutVirtual VirtualIQ Code Execution and Information Disclosure Issues
  JSFTemplating FileStreamer Remote File Disclosure Vulnerability

Last 100 CVEs:
  CVE-2016-0793
  CVE-2015-3201
  CVE-2009-4849
  CVE-2009-4848
  CVE-2009-4845
  CVE-2009-4844
  CVE-2009-4843


 
 
 
 
Risk level: Moderate