Bugzilla – Bug 865743
VUL-0: CVE-2013-4590: tomcat: information disclosure via XSS when running untrusted web applications
Last modified: 2014-09-01 13:57:07 UTC
Application-provided XML files such as web.xml, context.xml, *.tld, *.tagx and *.jspx allowed XXE which could be used to expose Tomcat internals to an attacker. This vulnerability only occurs when Tomcat is running web applications from untrusted sources such as in a shared hosting environment.
This has been corrected in upstream versions 8.0.0-rc10, 7.0.50, and 6.0.39.
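A defender-side check for the file types named in the description above, as an added example that is not part of the bug report or of the upstream Tomcat fix: it scans a WAR for external entity declarations in application-provided XML before deployment. The function names and the sample archive are constructed for illustration, and the pattern match is a triage heuristic, not a replacement for running a corrected version.

```python
import io
import re
import zipfile

# File kinds the report lists as application-provided XML.
XML_NAMES = ("web.xml", "context.xml")
XML_SUFFIXES = (".tld", ".tagx", ".jspx")
# <!ENTITY ...> declaration (general or parameter) with an external identifier.
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+(?:%\s+)?([^\s>]+)\s+(SYSTEM|PUBLIC)\b")

def decode_xml(raw):
    """Honour a UTF-16 BOM so re-encoding does not hide a declaration."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def is_app_xml(name):
    """True for archive members whose base name matches the listed file kinds."""
    base = name.rsplit("/", 1)[-1].lower()
    return base in XML_NAMES or base.endswith(XML_SUFFIXES)

def scan_war(war_bytes):
    """Return sorted (archive path, entity name, SYSTEM|PUBLIC) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for info in war.infolist():
            if info.is_dir() or not is_app_xml(info.filename):
                continue
            for m in EXTERNAL_ENTITY.finditer(decode_xml(war.read(info))):
                findings.append((info.filename, m.group(1), m.group(2)))
    return sorted(findings)

def build_sample_war():
    """Constructed sample archive, built in memory (not from the bug report)."""
    files = {
        # External general entity in a deployment descriptor: reported.
        "WEB-INF/web.xml": b'<?xml version="1.0"?>\n<!DOCTYPE web-app [\n'
                           b'  <!ENTITY ext SYSTEM "file:///constructed/placeholder">\n'
                           b']>\n<web-app/>\n',
        # DOCTYPE with a public DTD identifier but no ENTITY: not reported.
        "WEB-INF/tags/ok.tld": b'<!DOCTYPE taglib PUBLIC "-//Example//DTD//EN" '
                               b'"http://example.invalid/taglib.dtd">\n<taglib/>\n',
        # UTF-16 file with an external parameter entity: reported.
        "WEB-INF/page.jspx": '<!DOCTYPE r [<!ENTITY % p SYSTEM "x.dtd">]><r/>'.encode("utf-16"),
        # Not one of the listed file kinds: skipped.
        "index.html": b'<!ENTITY skipped SYSTEM "not-an-app-xml-file">',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name, data in files.items():
            war.writestr(name, data)
    return buf.getvalue()
```

Calling `scan_war(build_sample_war())` reports the two external entity declarations and ignores both the plain DOCTYPE and the non-XML file.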
We released a tomcat 6.0.41 version update for SLE11; SLE12 has 7.0.54.