The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 or 8.5.0 to 8.5.55. It is, therefore, affected by a denial of service via HTTP/2 requests.
Note that the scanner has not attempted to exploit these issues but has instead relied only on the applicationβs self-reported version number.
No source data