A Java class in the /WEB-INF folder inadvertently exposes sensitive configuration information, potentially containing application credentials or cryptographic keys.
Implement robust access controls to restrict unauthorized access to the /WEB-INF folder and its contents. Consider configuring the web server to deny directory listing or remove the /WEB-INF folder altogether.