In the case of the http connector, the path is decoded without the encoded slash / anti-slash being interpreted. The HttpRequestParser component actually uses the ALLOW_ENCODED_SLASH option of the Undertow server to determine whether or not to decode them. By default the option is set to false. A CVE of type traversal path is also referenced in the source code to explain the presence of the option and its positioning to false (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE -2007 to 0450).
In the case of the Ajp connector, we do not have the same preconceptions when decoding the url. The connector does not use the ALLOW_ENCODED_SLASH option. The AjpRequestParser used to build the exchange object (HttpServerExchange) will use a java.net.UrlDecoder to decode the url. The latter will interpret the slash / anti-slash characters encoded in the url.