Apache Tomcat 8.0.x < 8.0.45 Cache Poisoning
Medium Nessus Network Monitor Plugin ID 700685
SynopsisThe remote web server is missing an Apache Tomcat patch update.
DescriptionThe version of Apache Tomcat installed on the remote host is version 8.0.x prior to 8.0.45. It is, therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a remote attacker to conduct client-side and server-side cache poisoning attacks.
SolutionUpdate to Apache Tomcat version 8.0.45 or later.