Apache Tomcat XML External Entity Information Disclosure Vulnerability

Summary
This host is running Apache Tomcat and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference. Impact Level: Application
Solution
Upgrade to version 6.0.40, 7.0.54, 8.0.6 or later. For updates refer to refer http://tomcat.apache.org
Insight
The flaw is due to an application does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet
Affected
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References