According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 7.0.x prior to 7.0.70, 8.0.x < 8.0.36, 8.5.x < 8.5.3 or 9.0.x < 9.0.0.M8. It is, therefore, affected by a denial of service vulnerability:
Note that Nessus iNetwork Monitor has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
Binary data 700700.pasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
svn.apache.org/viewvc?view=revision&revision=1743480,http://svn.apache.org/viewvc?view=rev&rev=1743722,http://svn.apache.org/viewvc?view=rev&rev=1743738,http://svn.apache.org/viewvc?view=rev&rev=1743742,http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.70,http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36,http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M8