We recently got an error report from a user of one of the systems we have developed, showing that the response from a different request had been appended to the original response.
The original response was the front page of a site, generated with jsp, and the appended response was a excel file generated a few seconds earlier.
Our current hypothesis is that some buffer in either httpd(2.2.22) or Tomcat (7.0.35) has been recycled. Httpd is connected to Tomcat using http proxypass.
I have started trying to reproduce the problem, but thought I should try the mailing lists of both httpd and tomcat before continuing.
What I have done thus far is: concatenating html and excel to verify that it is possible to open and looks the way the user experienced; building a custom version of Tomcat that uses the same Processor for each request and configured to use only one thread.
This seems a bit similar to the issue described in http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.12 (CVE-2011-1475)
Some results when googleling suggests that this could happen when jsp tags are not coded properly, but I have not found any such code in our applications.