Tomcat can, in very rare circumstances, permit a user from a non-permitted IP address to gain access to a context protected with a valve that extends RemoteFilterValve.

-</p>

Make your website safer. Use external penetration testing service. First report ready in one hour!</p>

http://www.securiteam.com/unixfocus/6J00D0KMUS.html