Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in denial of service.