Description
Web servers and reverse proxies normalize the request path. For example, the path /image/../image/ is normalized to /image/. When Apache Tomcat is used together with a reverse proxy such as nginx, there is a normalization inconsistency.
Tomcat will treat the sequence /..;/ as /../ and normalize the path, while reverse proxies will not normalize this sequence and will send it to Apache Tomcat as it is.
This allows an attacker to access Apache Tomcat resources that are not normally accessible via the reverse proxy mapping.
Remediation
Configure the reverse proxy to reject paths that contain the Tomcat path parameter character ;.
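The inconsistency and the remediation check can be modelled in a few lines. This is an added example, not code from the original page or from Tomcat or nginx: it is a simplified model of the two normalizers without percent-decoding, and the mapped prefix /app/ and the path /internal/status are hypothetical names.

```python
# Added example: simplified model of the two path normalizers (no percent-decoding).

def _resolve(segments):
    """Remove '.' and '..' segments, keeping a trailing slash if one was present."""
    out = []
    for seg in segments:
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    trailing = "/" if out and segments[-1] in ("", ".", "..") else ""
    return "/" + "/".join(out) + trailing


def proxy_view(path):
    """Generic reverse proxy: ';' is an ordinary character, so '..;' is just a name."""
    return _resolve(path.split("/"))


def tomcat_view(path):
    """Tomcat: strip ';parameters' from every segment first, then resolve dot segments."""
    return _resolve([seg.split(";", 1)[0] for seg in path.split("/")])


def audit(path, mapped_prefix):
    """Compare both views of one request path against the proxy's mapped prefix."""
    proxy, tomcat = proxy_view(path), tomcat_view(path)
    return {
        "proxy_view": proxy,
        "tomcat_view": tomcat,
        # The remediation from this page: refuse any path containing ';'.
        "reject": ";" in path,
        # True when the proxy sees the path inside the mapping but Tomcat resolves it outside.
        "escapes_mapping": proxy.startswith(mapped_prefix)
        and not tomcat.startswith(mapped_prefix),
    }


if __name__ == "__main__":
    # Constructed sample paths; '/app/' and '/internal/status' are hypothetical names.
    for sample in ("/image/../image/", "/app/index.jsp",
                   "/app/page;jsessionid=ABC", "/app/..;/internal/status"):
        print(sample, audit(sample, "/app/"))
```

Rejecting every path that contains ; also refuses URLs that carry a ;jsessionid= path parameter, so check whether the application relies on URL-based session tracking before enforcing the rule.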