JavaServer Web Dev Kit Request Arbitrary File Access
Remote / Network Access
Loss of Confidentiality
JavaServer Web Dev Kit contains a flaw that allows lead to an unauthorized information disclosure. The issue is due to the Javasever Web Dev Kit not properly sanitizing user input By sending a specifically crafted URL request with "dot dot" sequence(../../) via port 8080, a remote attacker can access unauthorized files, which leads to a loss of confidentiality.
Upgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.