Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
d6e583ec69a0e856aaa4acac15a004b79f0f9e922d60c725400771ac6e3f4fd8