A security vulnerability has been found in all Tomcat 4.x releases. An open-source Java Servlet application server, Tomcat could be exploited by a malicious user to view the source code and other static material used in a JSP page.
Packages for tomcat3 are not vulnerable to this problem.
Debian recommends all other users update.
For the update, click here.