The host is installed with Apache Tomcat 9.0.0.M9 through 9.0.9, 8.5.x through 8.5.31 and is prone to an information disclosure vulnerability. A flaw is present in application, which fails to properly handle async requests. Successful exploitation could result in a user seeing a response intended for another user.