Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability
Medium Nessus Plugin ID 102587
SynopsisThe remote Apache Tomcat server is affected by a cache poisoning vulnerability.
DescriptionThe version of Apache Tomcat installed on the remote host is 7.0.41 or later but prior to 7.0.79. It is, therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a remote attacker to conduct client-side and server-side cache poisoning attacks.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Apache Tomcat version 7.0.79 or later.