CVE-2016-0709
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
Date published : 2016-04-11
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709