Improper Input Validation
The readObject method in the DiskFileItem class in JBoss Web allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Advisories for Maven/Org.jboss.web/Jbossweb package
2014