This technote identifies a known Apache Tomcat security vulnerability which will cause IBM Rational AppScan to throw a warning when run against IBM Rational Quality Manager server version 18.104.22.168 and below.
AppScan reports security vulnerability CVE-2009-0033.
This is a known security vulnerability affecting Apache Tomcat versions 5.5.0 through 5.5.27 (among other versions).
IBM Rational Quality Manager 22.214.171.124
Resolving the problem
Upgrade to Rational Quality Manager 2.0.1 or higher. Version 2.0.1 includes Apache Tomcat 5.5.28, which is not affected by this vulnerability.