The remote web server is missing an Apache Tomcat patch update.
Apache Tomcat 6.0.x before 6.0.45, 7.0.x before 7.0.68, or 8.0.x before 8.0.30 is affected a flaw that is due to the program, when handling a request for a directory that is missing a trailing slash, redirecting to URLs with a trailing slash before enforcing access restrictions. This may allow a remote attacker to enumerate valid directories.
Update to Apache Tomcat version 8.0.30 or later. If version 8.0.x cannot be obtained, versions 7.0.68 and 6.0.45 are also patched for these vulnerabilities.