ccording to its self-reported version number, the Apache Tomcat server listening on the remote host is 7.0.x prior to 7.0.59. It is, therefore, affected by a security bypass vulnerability due to a flaw that occurs when handling expression language. A remote attacker can exploit this, via a crafted web application, to bypass the security manager protection and execute arbitrary code.