Few third party vulnerability scanning tools has reported that OpManager has this
DOS vulnerability CVE-2007-6750 CVE-2012-5568.
TOMCAT developers have mentioned that it is not a vulnerability in TOMCAT and they don't have the plans to to fix it.
Please check the link below.
Sending an HTTP request 1 byte at a time will consume a thread from the connection pool until the request has been fully processed if using the BIO or APR/native HTTP connectors. Multiple requests may be used to consume all threads in the connection pool thereby creating a denial of service.
Since the relationship between the client side resources and server side resources is a linear one, this issue is not something that the Tomcat Security Team views as a vulnerability. This is a generic DoS problem and there is no magic solution. This issue has been discussed several times on the Tomcat mailing lists. The best place to start to review these discussions is the report for bug 54236.
OpManager users might need to worry about this DOS vulnerability only when it is hosted external(internet). Since OpManager is mostly internal, the impact of this DOS attach would be nil or negligible in OpManager. Even if it is external, user can configure some firewall policies to mitigate this DOS attack as mentioned here.