The remote openSUSE host is missing a security update.
Tomcat was updated to fix security issues and bug: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root. CVE-2013-2067: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat did not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. CVE-2012-3544: Tomcat were affected by a chunked transfer encoding extension size denial of service vulnerability. Also the following bug was fixed : - Fix tomcat init scripts generating malformed classpath (http://youtrack.jetbrains.com/issue/JT-18545) bnc#804992