Apache has released security update to address vulnerabilities in Apache Tomcat 7.0.x prior to v.7.0.91, Tomcat 8.5.x prior to v.8.5.43 and Tomcat 9.0.x prior to v.9.0.12. Exploitation of these vulnerabilities may allow an attacker to redirect the user into malicious websites.
Users and administrators are encouraged to review Apache Tomcat Security Page and apply necessary updates.