Control Scan has returned this as a vulnerability in Tomcat 8.0.38:
Vulnerable version of Apache Tomcat: 8.0.38
Risk: High (3)
Port: 443/tcp
Protocol: tcp
Threat ID: web_dev_tomcatver
Details: 404 Error Page Cross Site Scripting Vulnerability
12/21/09
Apache Tomcat is prone to a cross-site scripting vulnerability because
it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in
the browser
of an unsuspecting user in the context of the affected site.
Apache Tomcat mitigates HTTP_PROXY environment variable "httpoxy" issue
I have read everything I can find and it still doesn't make sense... can
someone help to point me in the correct direction?
I am further puzzled because this is the first time this has come up and
we run Tomcat for years... note that the date is listed as 12-21-2009.
Thanks,
Carl