The version of tomcat installed on the remote host is prior to 8.5.100-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2024-020 advisory.

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. (CVE-2024-34750)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…