This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Apache Tomcat service may be affected by multiple
According to its self-reported version number, the instance of Apache
Tomcat 6.0 listening on the remote host is earlier than Tomcat 6.0.37
and, therefore, may be affected by multiple vulnerabilities :
- An error exists related to chunked transfer encoding
  and extensions that could allow limited denial of
  service attacks. (CVE-2012-3544)

- An error exists related to HTML form authentication and
  session fixation that could allow an attacker to carry
  out requests using a victim's credentials.
Note that Nessus did not actually test for the flaws but instead has
relied on the version in Tomcat's banner or error page so these may be
See also :
Update to Apache Tomcat version 6.0.37 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true