Versions of Tomcat 7.0.x earlier than 7.0.5 are potentially affected by a cross-site scripting vulnerability because the application uses the user supplied parameters ‘sort’ and ‘orderBy’ directly wihtout filtering.
Binary data 800614.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
tomcat.apache.org/security-7.html