This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Apache Tomcat server is affected by an information
The remote Apache Tomcat web server is affected by an information
disclosure vulnerability in the index page of the Manager and Host
Manager applications. An unauthenticated, remote attacker can exploit
this vulnerability to obtain a valid cross-site request forgery (XSRF)
token during the redirect issued when requesting /manager/ or
/host-manager/. This token can be utilized by an attacker to construct
an XSRF attack.
Note that there are reportedly several additional vulnerabilities;
however, Nessus has not tested for these.
See also :
Upgrade to Apache Tomcat version 7.0.68 / 8.0.32 / 9.0.0.M3 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true