It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on the Tomcat server by sending a specially crafted request to that server.
The flaw was introduced in the tomcat-7.0.42-4.el7 build.
This issue has been addressed in following products:
Red Hat Enterprise Linux 7
Via RHSA-2014:0686 https://rhn.redhat.com/errata/RHSA-2014-0686.html