The version of Apache Tomcat installed on the remote host is < 10.0.0-M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.0.0-m10_security-10 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527
github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2
https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10