The version of Tomcat installed on the remote host is prior to 8.5.41. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.41_security-8 advisory.
Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application’s self-reported version number.
Binary data 700697.pasl