The version of Apache Tomcat installed on the remote host is at least 7.0.25 and prior to 7.0.90. It is, therefore, affected by multiple vulnerabilities :
A flaw exists in WebSocket client because host name verification is missing
A flaw exists in CORS filter due to insecure defaults
Note that the scanner has not attempted to exploit these issues but has instead relied only on the applicationβs self-reported version number.
No source data