Please Install the Updated Packages.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. (CVE-2013-2067) Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
tomcat6 on CentOS 6
Updated on 2015-03-25