Summary:
The application at ████████/ftn-Website/ uses primefaces 5.3 but not 5.3.8, making it vulnerable to unauthenticated RCE CVE-2017-1000486.
python primefaces.py ███/ftn-Website/ -c id
uid=91(tomcat) gid=91(tomcat) groups=91(tomcat) context=system_u:system_r:tomcat_t:s0
primefaces 5.3
Update primefaces.
An unauthenticated, 3rd-party attacker or adversary can execute remote code on restsvr1.ftn.research.usafa.edu as the unix tomcat
user. Note that this service uses a DoD IP, suggesting an attacker could potentially pivot elsewhere afterwards.