The version of Apache Tomcat installed on the remote host is < 9.0.48. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.48_security-9 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037
https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e
https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8
https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.48