I can upgrade Tomcat myself, but that approach isn't documented and isn't likely to be supported by Adobe.
Tomcat is bundled as part of ColdFusion 11, so I would hope Adobe would either provide a hotfix or suggest a supported method to upgrade Tomcat.
Tomcat 7.0.59 fixes the following issues:
- Security Manager bypass CVE-2014-7810
- Request Smuggling issue CVE-2014-0227
- Denial of Service issue CVE-2014-0230