COMMAND

    Java Web Server

SYSTEMS AFFECTED

    Java Web Server

PROBLEM

    Joe Testa found following.  A vulnerability exists which allows  a
    remote user to break out of the web root using relative paths (ie:
    '..', '...').

        http://localhost/../[file outside web root]
        http://localhost/.../[file outside web root]

SOLUTION

    No quick fix is possible.