The version of tomcat installed on the remote host is prior to 8.5.63-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-009 advisory.

    A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances,     an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization     of the file under their control. The highest threat from the vulnerability is to data confidentiality and     integrity as well as system availability. (CVE-2020-9484)

    A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could     duplicate request headers and a limited amount of request body from one request to another meaning user A     and user B could both see the results of user A's request. The highest threat from this vulnerability is     to data confidentiality. (CVE-2021-25122)

    The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to     9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be     used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published     prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to     this issue. (CVE-2021-25329)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-009)

high Nessus Plugin ID 181968

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.3 Dec 12, 2024, 9:55 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202412120955
Version 1.2 Sep 29, 2023, 12:16 AM CEA reference Plugin Feed: 202309290016
Version 1.1 Sep 28, 2023, 4:12 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309281612
Version 1.1 Sep 28, 2023, 10:22 PM CEA reference Plugin Feed: 202309282222
Version 1.0 Sep 27, 2023, 10:33 PM New Plugin Feed: 202309272233