The remote Apache Tomcat server is affected by an information disclosure vulnerability.
The remote Apache Tomcat web server is affected by an information disclosure vulnerability in the index page of the Manager and Host Manager applications. An unauthenticated, remote attacker can exploit this vulnerability to obtain a valid cross-site request forgery (XSRF) token during the redirect issued when requesting /manager/ or /host-manager/. This token can be utilized by an attacker to construct an XSRF attack. Note that there are reportedly several additional vulnerabilities; however, Nessus has not tested for these.
Upgrade to Apache Tomcat version 7.0.68 / 8.0.32 / 9.0.0.M3 or later.