Directory traversal attacks were made possible in Tomcat by using the allowLinking option with the Coyote connector.
This option is not present in the version of Tomcat that Managed Objects uses (version 4.1.12).
The allowLinking option only affects Tomcat versions 5.5.0-5.5.26.
More information can be found at http://tomcat.apache.org/security-5.html (see the Directory traversal section).
Tomcat provides an allowLinking attribute in the StandardContext that enables Tomcat running on a Linux platform to serve paths associated with symbolic links. If the value of this attribute is true, symbolic links inside the web application are allowed to point to resources outside the web application base path. The default value is false.
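
One way to check an installation for this setting, as an added example that is not part of the original article or Tomcat's own code: the script parses context definitions and reports every Context element whose allowLinking attribute is true. The file names and XML snippets are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Tomcat context definitions for allowLinking="true".
import xml.etree.ElementTree as ET

# Constructed sample configurations (not taken from any real deployment).
SAMPLE_CONFIGS = {
    "conf/server.xml": """<Server><Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost"><Host name="localhost" appBase="webapps">
  <Context path="/reports" docBase="reports" allowLinking="true"/>
  <Context path="/portal" docBase="portal"/>
</Host></Engine></Service></Server>""",
    "conf/Catalina/localhost/app.xml": '<Context docBase="app" allowLinking="false"/>',
    # Deliberately malformed: the element is never closed.
    "conf/Catalina/localhost/broken.xml": '<Context docBase="x" allowLinking="true">',
}

def find_allow_linking(name, xml_text):
    """Return (file, context label, status) findings for one XML document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A file that cannot be parsed cannot be cleared; report it for manual review.
        return [(name, None, "unparseable: %s" % exc)]
    findings = []
    # iter() also yields the root itself, so a stand-alone context file is covered.
    for ctx in root.iter("Context"):
        # A missing attribute means the default value, false.
        value = ctx.get("allowLinking", "false")
        if value.lower() == "true":  # compared case-insensitively
            label = ctx.get("path") or ctx.get("docBase") or "(unnamed)"
            findings.append((name, label, "allowLinking enabled"))
    return findings

def audit(configs):
    """Check every document in a {file name: XML text} mapping, in name order."""
    results = []
    for name in sorted(configs):
        results.extend(find_allow_linking(name, configs[name]))
    return results

if __name__ == "__main__":
    for file_name, context, status in audit(SAMPLE_CONFIGS):
        print(file_name, context, status)
```

To audit a real installation, build the mapping passed to audit() from the contents of the server's own configuration files instead of SAMPLE_CONFIGS.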