Apache has released a security update to address an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code ... run Java-based web applications.