Outdated Apache | Risk: High | CVE: CVE-2014-0198,CVE-2014-0221,CVE-2014-3470,CVE-2010-5298,CVE-2014-0195,CVE-2014-0224
Issue: Apache Tomcat Multiple Vulnerabilities (20140903)
Description: Apache Tomcat web server contains multiple vulnerabilities in its bundled versions of OpenSSL that could result in buffer overflows, denial of service, man-in-the-middle attacks and more.
Fix: Upgrade Apache Tomcat to version 7.0.55, 8.0.11 or later.
It is possible that these are false positive as a result of backporting patches since Retina only goes by the version number from the banner. If this is the case, please verify that these CVEs have been patched and send us a screenshot that Apache is up to date or the CVEs have been patched if possible.
I'm at a loss as to how to respond to this request. Are there any server/config gurus out there lend a hand on how to either patch it or give a response?