https://wccftech.com/apache-tomcat-patches-vulnerabilities/

The Apache Software Foundation (ASF) informed users of several security vulnerabilities in its Tomcat application server, including bugs that could lead to information disclosure and denial-of-service (DoS) condition. An open source implementation of the Java Servlet, JavaServer Pages (JSP), Java WebSocket and Java Expression Language technologies, Apache Tomcat is the most widely used web application server boasting a market share of over 60 percent.

US-CERT has released an alert recommending users to review the Apache advisories and apply the updates. These latest flaws are less likely to be exploited in the wild, unlike the Apache Struts vulnerabilities that were exploited to breach the systems of Equifax late last year, reports THN. That bug had leveraged common username and password combinations, making it more easily exploitable.