This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.
Synopsis :
The management console for the remote web server is protected using a
known set of credentials.
Description :
Nessus was able to gain access to the Manager web application for the
remote Tomcat server using a known set of credentials. A remote
attacker can exploit this issue to install a malicious application on
the affected server and run arbitrary code with Tomcat's privileges
(usually SYSTEM on Windows, or the unprivileged 'tomcat' account on
Unix). Note that worms are known to propagate this way.
See also :
Solution :
Edit the associated 'tomcat-users.xml' file and change or remove the
affected set of credentials.
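To support the remediation step above, the following added example (not Tenable's plugin code) audits a 'tomcat-users.xml' file for accounts that hold a Manager role and have an empty, username-matching, or caller-listed weak password. The sample file, the `audit_tomcat_users` function and the weak-password heuristics are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Tomcat Manager application
# ("manager" is the legacy role name used before the role was split).
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}

# Constructed sample file; user names and passwords are illustrative only.
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="deploy" password="deploy" roles="manager-gui,manager-script"/>
  <user username="ops" password="" roles="manager-status"/>
  <user username="ci" password="Zq7!vR2#kL9pX4mT" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="app-user"/>
</tomcat-users>
"""

def local(tag):
    """Drop any XML namespace prefix so namespaced files are handled too."""
    return tag.rsplit("}", 1)[-1]

def audit_tomcat_users(xml_text, weak_passwords=frozenset()):
    """Return (user, manager_roles, reason) for each weak Manager account."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Older files use name="..." instead of username="...".
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        granted = sorted(roles & MANAGER_ROLES)
        if not granted:
            continue  # account cannot reach the Manager application
        if password == "":
            reason = "empty password"
        elif password.lower() == name.lower():
            reason = "password equals username"
        elif password in weak_passwords:
            reason = "password on supplied weak list"
        else:
            continue
        findings.append((name, granted, reason))
    return findings

if __name__ == "__main__":
    for name, roles, reason in audit_tomcat_users(SAMPLE, {"changeme"}):
        print(f"{name}: {reason}; roles={','.join(roles)}")
```

The comparison works on plaintext password attributes only; if the realm stores digested passwords, the stored values have to be checked by other means.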
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true