|Directory traversal vulnerability in Apache Tomcat 4.1.0 through
4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when
allowLinking and UTF-8 are enabled, allows remote attackers to read
arbitrary files via encoded directory traversal sequences in the URI,
a different vulnerability than CVE-2008-2370. NOTE: versions earlier
than 6.0.18 were reported affected, but the vendor advisory lists
6.0.16 as the last affected version.