Ubuntu Security Notice 899-1 – It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86216/USN-899-1.txt
Source: https://packetstormsecurity.com/files/86216/Ubuntu-Security-Notice-899-1.html