CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
91.9%
According to its self-reported version number, the instance of Apache Tomcat 8.0.x listening on the remote host is prior to 8.0.4. It is, therefore, affected by the following vulnerabilities:
An error exists related to chunk size and chunked requests that allow denial of service attacks. (CVE-2014-0075)
An error exists related to content length header handling and Apache JServ Protocol (AJP) requests that allow denial of service attacks. (CVE-2014-0095)
An error exists related to XSLT handling and security managers that allow a security bypass related to external XML entities. (CVE-2014-0096)
An error exists related to content length header handling and using the application behind a reverse proxy that could allow security bypass. (CVE-2014-0099)
Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.
Binary data 8936.pasl