Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service.