Apache Tomcat is prone to a directory-traversal vulnerability and to an authentication-bypass vulnerability. Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory or gain unauthorized access to files and directories.. The following versions are affected: Tomcat 5.5.0 through 5.5.28 Tomcat 6.0.0 through 6.0.20
The vendor has released updates. Please see the references for details.