The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.10. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the WebSocket client because host name verification is missing.
- A flaw exists in the NIO/NIO2 connectors due to a mishandling of close that can lead to reuse of user sessions.
- A flaw exists in the CORS filter due to insecure defaults.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.