The remote web server is running Apache TomEE.
The remote web server is running Apache TomEE 1.x prior to 1.7.4 or 7.x prior to 7.0.0-M3 and is affected by a flaw in the EJBd protocol that is triggered during the deserialization of crafted Java Objects. This may allow a remote attacker to execute arbitrary code. Exploitation requires that EJBd is enabled on an instance (the default setting).
Upgrade Apache TomEE to version 7.0.0-M3. If version 7.x cannot be obtained, version 1.7.4 is also patched for this issue.