It's
11 years old, actually, which means it's probably vulnerable to all kinds of security problems. Which isn't too bad, because the docs clearly mention that it's meant for "developing and testing",
not production use. So it's very different from Tomcat in that regard. Seriously - run, don't walk, to replace it. That shouldn't even be hard, due to the standardization of
Servlets and JSPs.
As to the question at hand, why don't you configure a welcome file? I think those were supported in Servlet API 2.1.