Path traversal in a Tomcat server
LY Corporation
Team Summary
Official summary from LY Corporation
A vulnerability exposed internal resources such as the administrator page on the server operated by LINE. The path normalization vulnerability arises from a misconfiguration between the reverse proxy and the WAS. This vulnerability occurred in the process of correcting an incorrect path in the proxy settings set by nginx and others. In this case, the attacker entered the string "..;/" into the URL's path, and the path was passed to Tomcat. Tomcat treats "..;/" as "../" and accesses the requested path as the path to transmit the resource.
Reported by
tosun
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure
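
The mismatch described in the team summary, as an added example that is not part of the original report: a simplified model of a proxy that treats `;` as an ordinary path character and a Tomcat-like backend that drops `;` path parameters before resolving `..`, used to flag requests whose backend path leaves the proxied prefix. The `/app` prefix, the `/admin/console` path and the sample request paths are constructed assumptions.

```python
from urllib.parse import unquote

def _resolve(segments):
    """Resolve '.' and '..' segments without climbing above the root."""
    out = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)

def proxy_view(path):
    """Simplified proxy: ';' is an ordinary character, so '..;' is just a name."""
    return _resolve(unquote(path).split("/"))

def backend_view(path):
    """Simplified Tomcat-like backend: strip ';params' per segment, then resolve."""
    return _resolve(seg.split(";", 1)[0] for seg in unquote(path).split("/"))

def _inside(path, prefix):
    return path == prefix or path.startswith(prefix + "/")

def escapes_prefix(path, prefix):
    """True when the proxy sees the path under prefix but the backend does not."""
    return _inside(proxy_view(path), prefix) and not _inside(backend_view(path), prefix)

# Constructed request paths (not taken from the report).
SAMPLE_PATHS = [
    "/app/index.html",
    "/app/page;jsessionid=ABC123",   # legitimate path parameter
    "/app/..;/admin/console",        # the "..;/" sequence from the summary
    "/app/%2e%2e%3b/admin/console",  # same sequence, percent-encoded
    "/app/../admin/console",         # plain "../": the proxy resolves it itself
]

def flagged(paths, prefix="/app"):
    return [p for p in paths if escapes_prefix(p, prefix)]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:35} proxy={proxy_view(p)!r:28} backend={backend_view(p)!r}")
    print("flagged:", flagged(SAMPLE_PATHS))
```

A flagged path is one to reject at the proxy or log for review. The model decodes percent-encoding once and does not reproduce every proxy's normalization rules.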