API Security Blog

Apache Tomcat 7.0.25 < 7.0.90

The version of Tomcat installed on the remote host is prior to 7.0.90. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.90_security-7 advisory.

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. (CVE-2018-8034)

Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
