Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
http://secunia.com/advisories/17416
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/33668
http://securitytracker.com/id?1015147
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.redhat.com/support/errata/RHSA-2006-0161.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.vupen.com/english/advisories/2008/1979/references