The remote web server is missing an Apache Tomcat patch update.
Apache Tomcat 6.0.x before 6.0.45, 7.0.x before 7.0.68, or 8.0.x before 8.0.32 is affected by multiple vulnerabilities : - A flaw exists that may allow a specially crafted web application to load the 'StatusManagerServlet' servlet. This may allow a context-dependent attacker to gain unauthorized access to "a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed." (CVE-2016-0706) - A flaw exists in the StandardManager, PersistentManager, and cluster implementation that is triggered during the handling of persistent sessions. This may allow a remote attacker to bypass the security manager and use a specially crafted object in a session to execute arbitrary code. (CVE-2016-0714)
Update to Apache Tomcat version 8.0.32 or later. If version 8.0.x cannot be obtained, versions 7.0.68 and 6.0.45 are also patched for these vulnerabilities.