The host is installed with Apache Tomcat 6.0.x before 6.0.40, 7.x before 7.0.54 or 8.x before 8.0.6 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted web application. Successful exploitation allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in c ...