According to its self-reported version number, the Apache Tomcat service running on the remote host is 9.0.x prior to 9.0.0.M21.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664
tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M21