Debian: DSA-5893-1: tomcat10
Apr04
A security vulnerability was found in Tomcat 10, a Java based web server and servlet engine. A malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled