The version of Apache Tomcat installed on the remote host is 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 or 7.0.0 to 7.0.98. It is, therefore, affected by a session fixation vulnerability when using FORM authentication.
Note that the scanner has not attempted to exploit these issues but has instead relied only on the applicationβs self-reported version number.
No source data