The current version avilable for FreeBSD is vulnerable since 05.01.2017 and has already been patched upstream. (2 version's higher)
See here: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Vulnerabilities see here: https://vuxml.freebsd.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html
Available version @ ports: 7.0.73
Patched version @ upstream: 7.0.75
Thanks for taking a look at it.
A commit references this bug:
Date: Sun Mar 5 02:47:49 UTC 2017
New revision: 435442
Update to 7.0.75 release.
Reported by: Dani <firstname.lastname@example.org>
Approved by: ports-secteam (with hat)
(In reply to Dani from comment #0)
Thanks for the report! The update looks to have slipped in as a routine update in ports/head after this PR was opened and was just merged to quarterly. All actions are completed.