Tomcat is vulnerable to directory traversal. The methods getResource(), getResourceAsStream(), and getResourcePaths() in ServletContext do not correctly validate that the paths given to them do not contain “/…”. However the impact of the directory traversal is limited as “/…/” is rejected. This allows malicious web applications to expose the directory listings for $CATALINA_BASE/webapps