The remote web server is affected by multiple vulnerabilities.
The version of Apache Tomcat installed on the remote host is affected by a multiple vulnerabilities : - A username enumeration vulnerability exists when FORM based authentication with either the MemoryRealm, DataSourceRealm, or JDBCRealm is used. (CVE-2009-0580) - A denial of service exists if Tomcat receives a request with invalid headers via the Java AJP connector. (CVE-2009-0033) - A remote information-disclosure vulnerability exists in the 'RequestDispatcher' can be exploited to gain access to content in the 'WEB-INF' directory. (CVE-2008-5515) - It is possible for a web application to replace the XML parser used by Tomcat to process 'web.xml', 'context.xml', and 'tld' files.