Version 1.46 of bcprov-jdk16, that is shipped inside WEB-INF/lib, suffer of a security flaw reported by CVE-2013-1624.
There are no public patches available to fix the 1.46 version, and the flaw has been resolved from version 1.48 onward, that has some different APIs and not retrocompatible.
Is it possible to evaluate the update of the version of the library?