# Path Traversal via reverse proxy mapping| Tomcat will threat the sequence /..;/ as /../ and normalize the path while reverse proxies will not normalize this sequence and send it to Apache Tomcat as it is.
https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/# all version prior to April 2020# CVE-2020-9484 | Deserialization of Untrusted Data RCE|ROMEmethodtogenerate.jar|ctf-scripts/tomcat-v9.0.31-deserialization-rce.sh (msf ripoff)| (msf) exploit/linux/http/apache_ofbiz_deserialiation|CommonsCollections2methodtogenerate.jar|https://github.com/PenTestical/CVE-2020-9484-uses | manual: https://romnenko.medium.com/apache-tomcat-deserialization-of-untrusted-data-rce-cve-2020-9484-afc9a12492c4