The host is running Apache Tomcat Server and is prone to multiple security bypass vulnerabilities.
Successful exploitation could allow remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Impact Level: Application
Apply the patch or upgrade Apache Tomcat to 5.5.36, 6.0.36, 7.0.30 or later. For updates refer to http://tomcat.apache.org/
NOTE: Ignore this warning if the above-mentioned patch has been manually applied.
The flaws are due to errors in the HTTP digest access authentication implementation, which:
- does not properly check for stale nonce values in conjunction with enforcement of proper credentials
- caches information about the authenticated user within the session state
- tracks cnonce values instead of nonce and nc values
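The checks a digest authentication server is expected to make, as an added Python sketch that is not Tomcat's code or its patch: credentials are verified before staleness is reported, and replay is tracked per server nonce and nc rather than per cnonce. The names, the nonce format, `NONCE_TTL`, the realm and the sample user are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SECRET = os.urandom(16)        # assumption: per-server key used to sign nonces
NONCE_TTL = 300                # assumption: seconds before a nonce counts as stale
REALM = "example"              # constructed sample realm
USERS = {"alice": "s3cret"}    # constructed sample credential store
_last_nc = {}                  # server nonce -> highest nc accepted so far

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def new_nonce(now=None):
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + sign(ts)

def digest(user, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 response for qop=auth
    ha1 = md5(f"{user}:{REALM}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def client_request(user, password, method, uri, nonce, nc, cnonce):
    """Fields a client would send (used here to construct sample input)."""
    return dict(user=user, method=method, uri=uri, nonce=nonce, nc=nc, cnonce=cnonce,
                response=digest(user, password, method, uri, nonce, nc, cnonce))

def check(req, now=None):
    """Return 'ok', 'stale' or 'reject' for a parsed Authorization header."""
    now = time.time() if now is None else now
    ts, _, mac = req["nonce"].partition(":")
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), sign(ts).encode()):
        return "reject"                  # nonce was not issued by this server
    if req["user"] not in USERS:
        return "reject"
    want = digest(req["user"], USERS[req["user"]], req["method"], req["uri"],
                  req["nonce"], req["nc"], req["cnonce"])
    if not hmac.compare_digest(want, req["response"]):
        return "reject"                  # wrong credentials are never reported as stale
    if now - int(ts) > NONCE_TTL:
        return "stale"                   # valid digest, expired nonce: re-challenge
    nc = int(req["nc"], 16)
    if nc <= _last_nc.get(req["nonce"], 0):
        return "reject"                  # (nonce, nc) already seen: replayed request
    _last_nc[req["nonce"]] = nc
    return "ok"
```

A captured request replayed unchanged is rejected on the nc check, and a request with bad credentials on an expired nonce is rejected rather than answered with a stale re-challenge.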
Apache Tomcat versions 5.5.x to 5.5.35, 6.x to 6.0.35 and 7.x to 7.0.29
Updated on 2015-03-25