Check here:
https://security-tracker.debian.org/.../CVE-2013-2067
(You'll get an invalid ssl cert message for some reason)
Debian hasn't fixed the flaw in Tomcat 7 in Wheezy, but it is Fixed in Jessie and Sid.
Tomcat 6 is fine, too.
Personally, I would just download it and compile it from source (http://tomcat.apache.org/download-70.cgi) if it was that big of a problem.
Note: This might cause issues down the line as far as staying up-to-date.
Bookmarks