. . . "A remote attacker could possibly obtain information such as configuration or user credentials contained in the application which resides under the WEB-INF directory." . .