The version of Apache Tomcat installed on the remote host is 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 or 7.0.0 to 7.0.99. It is, therefore, affected by multiple vulnerabilities:
An arbitrary file read vulnerability in the AJP protocol due to an implementation defect, which could also be leveraged to achieve remote code execution.
An HTTP request smuggling vulnerability due to some invalid HTTP headers being parsed as valid.
An HTTP request smuggling vulnerability due to invalid Transfer-Encoding headers being incorrectly processed.
Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.