The version of Apache Tomcat installed on the remote host is version 7.x prior to 7.0.85. It is, therefore, affected by a security constraints flaw which could expose resources to unauthorized users.
Binary data 700677.pasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1304
tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85