1 matches found
Tomcat/JBossWeb: Arbitrary file upload via deserialization
It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...