An updated Tomcat package that fixes multiple security issues is now
available for Red Hat Application Server.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Tomcat is a servlet container for Java Servlet and JavaServer Pages
Multiple cross-site scripting flaws were found in the example applications
shipped with Tomcat. If these scripts were made publicly available, a
remote attacker could construct a carefully crafted URL to inject arbitrary
web content into the vulnerable application. (CVE-2006-0254)
All users of Tomcat are advised to upgrade to these updated packages, which
contain backported fixes for these issues.