Amazon Linux AMI Security Advisory: ALAS-2015-525
Advisory Release Date: 2015-05-14 23:50 Pacific
It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.
Run yum update tomcat6 to update your system.