According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.45 / 7.0.68 / 8.0.30. It is, therefore, affected by an information disclosure vulnerability:
Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.
Binary data 9316.pasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
svn.apache.org/viewvc?view=rev&rev=1715216,http://svn.apache.org/viewvc?view=rev&rev=1717216,http://svn.apache.org/viewvc?view=rev&rev=1715213,http://svn.apache.org/viewvc?view=rev&rev=1717212,http://svn.apache.org/viewvc?view=rev&rev=1715207,http://svn.apache.org/viewvc?view=rev&rev=1717209,http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.45,http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68,http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.30