An Oracle JVM bug can cause a denial of service condition in Apache Tomcat. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale() or javax.servlet.ServletRequest.getLocales().
bb7e476455b13103c1b42906a2ce4f60cca8e94d51b3103f036833820c1bd33b