This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Apache Tomcat service is potentially affected by an
information disclosure vulnerability.
According to its self-reported version number, the instance of Apache
Tomcat 7.0.x listening on the remote host is a version prior to
7.0.54. It is, therefore, potentially affected by an information
An error exists that could allow undesired XML parsers to be injected
into the application by a malicious web application and allow
bypassing security controls, processing of external XML entities and
Note that Nessus has not tested for this issue but has insteadvrelied
only on the version in Tomcat's banner or error page.
See also :
Update to Apache Tomcat version 7.0.54 or later.
Risk factor :
Low / CVSS Base Score : 3.3
CVSS Temporal Score : 2.9
Public Exploit Available : false