The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to security bypass vulnerability. A flaw is present in the application, which fails handle a .. (dot dot) in sequences and the WEB-INF directory in a request. Successful exploitation allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks.