As per the link below, Tomcat is vulnerable to HTTP request smuggling.
The TOMCAT version that came integrated with CABI 7.1.1 is vulnerable.
What is the upgrade process for Tomcat from 8.5.30 be upgraded to 8.5.68 or higher?
Release : 14.3
Download the most recent minor release of Tomcat 8.5.X from the below link:
For upgrading the minor version you can try the below steps before doing a reinstall.
1) Back up your current Tomcat directory -- just in case
2) Download and extract the new version to a local directory
3) Stop Tomcat
4) Replace the files in /old-tomcat/lib with files from /new-tomcat/lib
5) Start Tomcat
Reference the below guide from Apache for further information: