Apache Tomcat Directory Traversal

Description

Apche Tomcat permits '', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP request containing strings like "/../" may allow attackers to work around the context restriction of the proxy, and access the non-proxied contexts.

Impact
An attacker can bypass the content restriction of the proxy and access non-proxied contexts.

Recommendation
Upgrade to Apache Tomcat 5.5.22/6.0.10 or newer.

References
Apache Tomcat Directory Traversal
Apache Tomcat proxy module directory traversal
CVE-2007-0450