Improper Input Validation
The readObject method in the DiskFileItem class in JBoss Web allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
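
The defensive counterpart to the flaw described above, as an added example that is not JBoss Web's code: a hypothetical `UploadItem` class whose `readObject` treats deserialized fields as untrusted and rejects a NUL byte or path component in the file name before any file is opened. The class name, its fields and the sample file names are assumptions made for illustration.

```java
import java.io.*;

// Hypothetical stand-in for a serializable upload item; not the DiskFileItem source.
public class UploadItem implements Serializable {
    private static final long serialVersionUID = 1L;
    private final File repository;   // directory for temporary files (assumed field)
    private final String fileName;   // name restored from the serialized stream (assumed field)

    public UploadItem(File repository, String fileName) {
        this.repository = repository;
        this.fileName = fileName;
    }

    // Validate every restored field before the object can be used to open a file.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (repository == null || fileName == null)
            throw new InvalidObjectException("missing field");
        if (repository.getPath().indexOf('\0') >= 0 || fileName.indexOf('\0') >= 0)
            throw new InvalidObjectException("NUL byte in file name");
        if (fileName.contains("/") || fileName.contains("\\") || fileName.equals(".."))
            throw new InvalidObjectException("file name must not contain a path");
        if (!repository.isDirectory())
            throw new InvalidObjectException("repository is not a directory");
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static String tryDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.readObject();
            return "accepted";
        } catch (InvalidObjectException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        File tmp = new File(System.getProperty("java.io.tmpdir"));
        // Constructed sample values: one ordinary name, one carrying an embedded NUL byte.
        System.out.println(tryDeserialize(serialize(new UploadItem(tmp, "upload_0001.tmp"))));
        System.out.println(tryDeserialize(serialize(new UploadItem(tmp, "report.jsp\0.tmp"))));
    }
}
```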