The host is installed with Apple Mac OS X Server before 10.6.3 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a .. (dot) in an entry in a WAR file. Successful exploitation could allow remote attackers to create or overwrite arbitrary files.