The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails handle a .. (dot dot) in an entry in a WAR file. Successful exploitation allows remote attackers to create or overwrite arbitrary files.