SEC Consult Security Advisory 20070314-0 - If the Apache HTTP Server and Tomcat are configured to interoperate with the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an attacker might be able to break out of the intended destination path up to the webroot in Tomcat.
ae0accd7dd41279f8531f981d7995776526f842a5d6e404b34ae2a7019a86a97