IBM Security Bulletin: Security vulnerability about Apache Tomcat JSP file upload in WebSphere Application Server Community Edition 3.0.0.4

Unrestricted file upload vulnerability in Apache Tomcat which is shipped with WASCE 3.0.0.4, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing...



from IBM Product Security Incident Response Team http://ibm.co/1orZs5h