According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities:
An error exists related to chunk size and chunked requests that allows denial of service attacks. (CVE-2014-0075)
An error exists related to XSLT handling and security managers that allows a security bypass related to external XML entities. (CVE-2014-0096)
An error exists related to content length header handling and using the application behind a reverse proxy that allows a security bypass. (CVE-2014-0099)
An error exists that allows undesired XML parsers to be injected into the application by a malicious web application, allows the bypassing of security controls, and allows the processing of external XML entities. (CVE-2014-0119)
Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.
Binary data 8934.pasl