|Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0
through 6.0.16, when a RequestDispatcher is used, performs path
normalization before removing the query string from the URI, which
allows remote attackers to conduct directory traversal attacks and
read arbitrary files via a .. (dot dot) in a request parameter.