nessus | Tenable | 700688.PASL
May 13, 2019 - 12:00 a.m.

Apache Tomcat 8.0.x < 8.0.52 Denial of Service

Tenable
www.tenable.com

According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 8.0.x prior to 8.0.52. It is, therefore, affected by the following vulnerability:

  • A denial of service (DoS) vulnerability exists in Tomcat due to improper overflow handling in the UTF-8 decoder. An unauthenticated, remote attacker can exploit this issue to cause an infinite loop in the decoder, leading to a denial of service condition.

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.

Vendor | Product | Version | CPE
apache | tomcat |  | cpe:/a:apache:tomcat