Tomcat by default supports multipart mime types. For this purpose it uses apache commons fileupload library. However when there is a request longer then approximately 4 kb, tomcat goes to an endless loop which finally causes a high usage of cpu resources. This vulnerability is present in tomcat 7 and 8 versions only and there are patches that can be applied manually.
http://www.javacodegeeks.com/2014/02/apache-tomcat-and-denial-of-service-vulnerability.html
http://www.javacodegeeks.com/2014/02/apache-tomcat-and-denial-of-service-vulnerability.html