The version of Apache Tomcat installed on the remote host is < 8.5.68. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.68_security-8 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the applicationβs self-reported version number.
Binary data 701355.pasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037
github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc,https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b,https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02,https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.68