Apache has released a security update to address an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution.