Vulnerability scan found these three problems.
Security Finding #1 (port 8443) AutoComplete Attribute Not Disabled for Password in Form Based Authentication [ port 8443] GET /examples/jsp/security/
Security Finding #2 [ port 15100] Web Server Uses Plain Text Basic Authentication GET /manager/status HTTP/1.1
Security Finding #3 [ Port 8080] AutoComplete Attribute Not Disabled for Password in Form Based Authentication GET /examples/jsp/security/
Release : 12.1
Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS
Security Findings 1 & 3 vulnerabilities are in the Tomcat supplied "examples" application.
Security Finding #3 is caused from the Tomcat supplied "manager "application that has been configured for use.