Synopsis
The remote Apache Tomcat server is affected by a cache poisoning vulnerability.

Description
The version of Apache Tomcat installed on the remote host is 8.0.0.RC1 or later but prior to 8.0.45. It is, therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a remote attacker to conduct client-side and server-side cache poisoning attacks.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

Solution
Upgrade to Apache Tomcat version 8.0.45 or later.
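
Because the finding rests on the self-reported version, a response-level check is a useful complement. The following is an added example, not part of the plugin or of Tomcat: it tests a version string against the range stated above and checks whether an origin-specific CORS response declares `Vary: Origin`. The function names and the sample responses are constructed for illustration.

```python
import re

# Affected range from the description: 8.0.0.RC1 or later, prior to 8.0.45.
# Other Tomcat branches are out of scope for this check.
FIXED = (8, 0, 45)

def is_affected_version(version):
    """True if a self-reported Tomcat version falls in the affected 8.0.x range."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]?RC(\d+))?", version.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor) == (8, 0) and (major, minor, patch) < FIXED

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercase name: [values]}."""
    headers = {}
    for line in raw.split("\r\n")[1:]:       # skip the status line
        if not line:
            break                             # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def missing_vary_origin(raw):
    """True if the response is tied to one origin but lacks Vary: Origin."""
    h = parse_headers(raw)
    acao = h.get("access-control-allow-origin", [])
    if not acao or acao == ["*"]:
        return False                          # body does not depend on Origin
    # Vary may be repeated and each value may be a comma-separated list.
    vary = {t.strip().lower() for v in h.get("vary", []) for t in v.split(",")}
    return not ({"origin", "*"} & vary)

# Constructed sample responses (not captured from a real server).
WITHOUT_VARY = ("HTTP/1.1 200 OK\r\n"
                "Access-Control-Allow-Origin: https://app.example\r\n"
                "Content-Type: text/html\r\n\r\n")
WITH_VARY = WITHOUT_VARY.replace(
    "Content-Type", "Vary: Accept-Encoding, Origin\r\nContent-Type")

if __name__ == "__main__":
    for v in ("8.0.0.RC1", "8.0.44", "8.0.45"):
        print(v, "affected" if is_affected_version(v) else "not affected")
    print("missing Vary: Origin ->", missing_vary_origin(WITHOUT_VARY))
```

A cache in front of the server can only key on `Origin` when the response says so, which is why the absence of the header on an origin-specific response is the condition worth alerting on.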