I was inspecting about Apache vulnerabilities and TomCat is the problem, which use Java.
Maybe the problem is not in Apache or in Java, or in TomCat, but since I don't use Java modules, I can rest a bit more in that aspect.