This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote web server is affected by an information disclosure
Based on the Server response header, the installation of the JK
Connector (mod_jk) in Apache Tomcat listening on the remote host is
version 1.2.x prior to 1.2.41. It is, therefore, affected by an
information disclosure vulnerability due to improper handling of the
'JkUnmount' directive and multiple, adjacent slashes in requests. A
remote attacker can exploit this to access restricted private
artifacts, resulting in the disclosure of sensitive information.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to mod_jk version 1.2.41 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false