Apache Tomcat 7.0.41 < 7.0.89 Default Insecure Settings
High Nessus Plugin ID 111066
SynopsisThe remote Apache Tomcat server is affected default insecure settings for the CORS filter.
DescriptionThe version of Apache Tomcat installed on the remote host is at least 7.0.41 and prior to 7.0.89. It is, therefore, affected by having insecure default settings in the CORS filter.
SolutionUpgrade to Apache Tomcat version 7.0.89 or later.