Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.
2554deef0443d375e952662e346879fa72a6339fcb77237d7e198b3b4d27ff87
Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.
501487f42ce2fb5f3296da2502f12843f17bb597d28ef9115797ae26e604495d