Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
jvn.jp/en/jp/JVN63832775/index.html
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
marc.info/?l=bugtraq&m=127420533226623&w=2
marc.info/?l=bugtraq&m=129070310906557&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
secunia.com/advisories/35393
secunia.com/advisories/35685
secunia.com/advisories/35788
secunia.com/advisories/37460
secunia.com/advisories/39317
secunia.com/advisories/42368
secunia.com/advisories/44183
sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
support.apple.com/kb/HT4077
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2011/dsa-2207
www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
www.mandriva.com/security/advisories?name=MDVSA-2009:136
www.mandriva.com/security/advisories?name=MDVSA-2009:138
www.mandriva.com/security/advisories?name=MDVSA-2010:176
www.securityfocus.com/archive/1/504170/100/0/threaded
www.securityfocus.com/archive/1/504202/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/35263
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1520
www.vupen.com/english/advisories/2009/1535
www.vupen.com/english/advisories/2009/1856
www.vupen.com/english/advisories/2009/3316
www.vupen.com/english/advisories/2010/3056
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html