The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 9.0.65-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2023-005 advisory.

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 8.5.87-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-013 advisory.

    A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A     local attacker without access to the Tomcat process or configuration files could be able to manipulate the     RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and     passwords used to access the JMX interface and gain complete control over the Tomcat instance.
    (CVE-2019-12418)

    When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98     there was a narrow window where an attacker could perform a session fixation attack. The window was     considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has     been treated as a security vulnerability. (CVE-2019-17563)

    A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly     validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload     lengths could lead to a denial of service. The highest threat from this vulnerability is to system     availability. (CVE-2020-13935)

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

    The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape     the type, message or description values. In some circumstances these are constructed from user provided     data and it was therefore possible for users to supply values that invalidated or manipulated the JSON     output. (CVE-2022-45143)

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting     in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note     that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is     not enabled by default and must be explicitly configured. (CVE-2023-24998)

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the     X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,     10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This     could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-176 advisory.

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

    The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape     the type, message or description values. In some circumstances these are constructed from user provided     data and it was therefore possible for users to supply values that invalidated or manipulated the JSON     output. (CVE-2022-45143)

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the     X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,     10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This     could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat8 installed on the remote host is prior to 8.5.87-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1732 advisory.

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the     X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,     10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This     could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4257-1 advisory.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

  - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was     configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x     only), Tomcat did not reject a request containing an invalid Content-Length header making a request     smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the     request with the invalid header. (CVE-2022-42252)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4221-1 advisory.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

  - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was     configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x     only), Tomcat did not reject a request containing an invalid Content-Length header making a request     smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the     request with the invalid header. (CVE-2022-42252)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4009-1 advisory.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7272 advisory.

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web     applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster),     the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

    This release of Red Hat JBoss Web Server 5.7.0 serves as a replacement for Red Hat JBoss Web Server 5.6.1.
    This release includes bug fixes, enhancements and component upgrades, which are documented in the Release     Notes, linked to in the References.

    Security Fix(es):

    * tomcat: local privilege escalation vulnerability (CVE-2022-23181)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory.

  - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to     7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the     server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is     configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)     or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker     knows the relative file path from the storage location used by FileStore to the file the attacker has     control over; then, using a specifically crafted request, the attacker will be able to trigger remote code     execution via deserialization of the file under their control. Note that all of conditions a) to d) must     be true for the attack to succeed. (CVE-2020-9484)

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

  - The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat     10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local     attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue     is only exploitable when Tomcat is configured to persist sessions using the FileStore. (CVE-2022-23181)

  - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and     8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an     untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and     integrity protection, it does not protect against all risks associated with running over any untrusted     network, particularly DoS risks. (CVE-2022-29885)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3160 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3160-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     October 26, 2022                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : tomcat9     Version        : 9.0.31-1~deb10u7     CVE ID         : CVE-2021-43980 CVE-2022-23181 CVE-2022-29885

    Several security vulnerabilities have been discovered in the Tomcat     servlet and JSP engine.

    CVE-2021-43980

        The simplified implementation of blocking reads and writes introduced in         Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing         (but extremely hard to trigger) concurrency bug that could cause client         connections to share an Http11Processor instance resulting in responses, or         part responses, to be received by the wrong client.

    CVE-2022-23181

        The fix for bug CVE-2020-9484 introduced a time of check, time of use         vulnerability into Apache Tomcat that allowed a local attacker to perform         actions with the privileges of the user that the Tomcat process is using.
        This issue is only exploitable when Tomcat is configured to persist         sessions using the FileStore.

    CVE-2022-29885

        The documentation of Apache Tomcat for the EncryptInterceptor incorrectly         stated it enabled Tomcat clustering to run over an untrusted network. This         was not correct. While the EncryptInterceptor does provide confidentiality         and integrity protection, it does not protect against all risks associated         with running over any untrusted network, particularly DoS risks.

    For Debian 10 buster, these problems have been fixed in version     9.0.31-1~deb10u7.

    We recommend that you upgrade your tomcat9 packages.

    For the detailed security status of tomcat9 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/tomcat9

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.77, 9.0.0-M1 to 9.0.60, 10.0.0-M1 to 10.0.18 or 10.1.0-M1 to 10.1.0-M12. It is, therefore, affected by a information disclosure vulnerability. The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is < 8.5.78. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.78_security-8 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is < 9.0.62. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.62_security-9 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 10.1.0.M14. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.0-m14_security-10 advisory.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is 9.x prior to 9.0.62.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

Note : these changes are to mitigate the effects of CVE-2022-22965.

The version of Apache Tomcat installed on the remote host is 10.x prior to 10.0.20.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78.

  - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to     Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache     Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause     client connections to share an Http11Processor instance resulting in responses, or part responses, to be     received by the wrong client. (CVE-2021-43980)

Note : these changes are to mitigate the effects of CVE-2022-22965.

ID	Name	Product	Family	Severity
224201	Linux Distros Unpatched Vulnerability : CVE-2021-43980	Nessus	Misc.	low
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	critical
181989	Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2023-005 (ALASTOMCAT9-2023-005)	Nessus	Amazon Linux Local Security Checks	low
181934	Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-013)	Nessus	Amazon Linux Local Security Checks	high
175066	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2023-176)	Nessus	Amazon Linux Local Security Checks	high
174622	Amazon Linux AMI : tomcat8 (ALAS-2023-1732)	Nessus	Amazon Linux Local Security Checks	medium
168252	SUSE SLES15 Security Update : tomcat (SUSE-SU-2022:4257-1)	Nessus	SuSE Local Security Checks	high
168200	SUSE SLES15 Security Update : tomcat (SUSE-SU-2022:4221-1)	Nessus	SuSE Local Security Checks	high
167786	SUSE SLES12 Security Update : tomcat (SUSE-SU-2022:4009-1)	Nessus	SuSE Local Security Checks	low
166823	RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.0 (RHSA-2022:7272)	Nessus	Red Hat Local Security Checks	high
166706	Debian DSA-5265-1 : tomcat9 - security update	Nessus	Debian Local Security Checks	high
166572	Debian dla-3160 : libtomcat9-embed-java - security update	Nessus	Debian Local Security Checks	high
113378	Apache Tomcat 8.5.x < 8.5.78 Information Disclosure	Web App Scanning	Component Vulnerability	low
113377	Apache Tomcat 9.0.0-M1 < 9.0.62 Information Disclosure	Web App Scanning	Component Vulnerability	low
113376	Apache Tomcat 10.0.0-M1 < 10.0.20 Information Disclosure	Web App Scanning	Component Vulnerability	low
113375	Apache Tomcat 10.1.0-M1 < 10.1.0-M14 Information Disclosure	Web App Scanning	Component Vulnerability	low
701425	Apache Tomcat < 8.5.78 Vulnerability	Nessus Network Monitor	Web Servers	high
701424	Apache Tomcat < 9.0.62 Vulnerability	Nessus Network Monitor	Web Servers	high
165511	Apache Tomcat 10.1.0.M1 < 10.1.0.M14	Nessus	Web Servers	low
159464	Apache Tomcat 9.0.0.M1 < 9.0.62 Spring4Shell CVE-2021-43980	Nessus	Web Servers	low
159463	Apache Tomcat 10.0.0.M1 < 10.0.20 Spring4Shell (CVE-2022-22965) Mitigations	Nessus	Web Servers	low
159462	Apache Tomcat 8.x < 8.5.78 Spring4Shell CVE-2021-43980	Nessus	Web Servers	low

Detections

Analytics

CVE-2021-43980

low

Tenable Plugins

low

critical

low

high

high

medium

high

high

low

high

high

high

low

low

low

low

high

high

low

low

low

low