Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.