Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)

Summary
The host is running Apache Tomcat Server and is prone to multiple security bypass vulnerabilities.
Impact
Successful exploitation could allow remote attackers to bypass intended access restrictions by sniffing the network for valid requests. Impact Level: Application
Solution
Apply patch or upgrade Apache Tomcat to 5.5.36, 6.0.36, 7.0.30 or later, For updates refer to http://tomcat.apache.org/ ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****
Insight
The flaws are due to error in HTTP digest access authentication implementation, which does not properly validate for, - stale nonce values in conjunction with enforcement of proper credentials - caches information about the authenticated user within the session state - cnonce values instead of nonce and nc values.
Affected
Apache Tomcat version 5.5.x to 5.5.35, 6.x to 6.0.35 and 7.x to 7.0.29
References