Apache Tomcat could allow a remote attacker to traverse directories on the system. Apache Tomcat is used by IBM Algo Audit and Compliance.
CVEID: CVE-2015-5174**
DESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110860 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Algo Audit and Compliance versions 2.1.0
Download and install IBM Algo Audit and Compliance version 2.1.0.3 Interim Fix 2 from Fix Central, details available at <http://www-01.ibm.com/support/docview.wss?uid=swg24042349>