WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote malicious users to cause a denial of service (crash) via a URL that ends in %2e.
ibm tivoli secureway policy director 3.8