Setting crossContext to true allows for an application to call ServletConext.getContext to return a dispatcher for another application. Rationale: Allowing crossContext creates the possibility for a malicious application to make requests to a restricted application.
Solution
Set the crossContext attribute in all context.xml files to false: <Context ... crossContext='false' /> Default Value: By default crossContext has a value of false.