Agostino Sarubbo reported on the oss-security mailing list  that, on Gentoo, Tomcat 7's log directory is world-accessible and the log files inside the directory are world-readable. This could allow an unprivileged user to read the log files.
This issue did NOT affect the versions of the tomcat package, as shipped with Fedora release of 17 and 18.
Red Hat does not regard this to be a security flaw. The tomcat log directory does not contain any sensitive information, and when sensitive information has been written to log files, this has been considered a security flaw in tomcat (e.g. CVE-2011-2204). This issue was reported to the Apache Tomcat project, and they have not considered it a flaw in any published security advisories.