Red Hat Security Advisory 2013-1428-01 – The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. Warning: Before applying the update, back up your existing Red Hat JBoss Enterprise Web Server installation.

Read more http://packetstormsecurity.com/files/123613/RHSA-2013-1428-01.txt