web.xml configuration file disclosure
Description
The WEB-INF/web.xml Deployment Descriptor file describes how to deploy a web application in a servlet container such as Tomcat. Normally, this file should not be accessible. However, Invicti was able to read the contents of this file by using various encodings and directory traversal variants.
Remediation
Restrict access to this file.