|CVSS SCORE||7.8, (AV:N/AC:L/Au:N/C:C/I:N/A:N)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 29800. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator.