Apache Tomcat versions 8.0.0-RC1, 7.0.0 through 7.0.42, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability due to an incomplete fix for CVE-2005-2090.
85aca72a0ab50801bdc11f8b35cd76f7c8566b582f96d36c721332941fd2bdcc
Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.
c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65
VMware Security Advisory - Updated Tomcat and JRE security updates have been issued for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1.
d70ad50277bcd17773dae218bfe21840a7f7e10fd23649fa024d2109224a5aa9
HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
85ce851efccb71b60d9f0e47f9402e4ce2d6740afac5c78fc233d8379f869bc3