This script is Copyright (C) 2017 Tenable Network Security, Inc.

The remote Apache Tomcat server is affected by an information

The version of Apache Tomcat installed on the remote host is 8.5.7
or later but prior to 8.5.11. It is, therefore, affected by an
information disclosure vulnerability in the nextRequest() function in
Http11InputBuffer.java due to improper limits of a ByteBuffer being
set. An unauthenticated, remote attacker can exploit this to disclose
ByteBuffer data associated with a different request.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

Upgrade to Apache Tomcat version 8.5.11 or later.
Note that the vulnerability was also fixed in version 8.5.10; however,
this version was never publicly released.

Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false