Thanks Guys. As per my reading of the suggested material and looking at the logs that Andre has shared, I think there are two ways in which the directory traversal attack could be made.
1. By having ..\ equivalents in the URL itself 2. By having ..\ equivalents in the request parameters. In my case, I am not worried about the request parameters since my application doesn't handle any such path related queries and all request parameters are signed by our client app. So, It would really help me narrow down on a course of action ff you guys can tell me - *Whether someone can get access to any file/directory outside the tomcat webapps folder using "Style 1 (using ..\ equivalent in the URL itself) Directory traversal attack (scoped to Tomcat) on Windows".*