The remote host is missing an update to tomcat6 announced via advisory DSA 2401-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202401-1

Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written into a logfile. CVE-2011-2526 Missing input sanisiting in the HTTP APR or HTTP NIO connectors could lead to denial of service. CVE-2011-3190 AJP requests could be spoofed in some setups. CVE-2011-3375 Incorrect request caching could lead to information disclosure. CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests. Additional information can be found at http://tomcat.apache.org/security-6.html For the stable distribution (squeeze), this problem has been fixed in version 6.0.35-1+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 6.0.35-1. We recommend that you upgrade your tomcat6 packages.