Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from a directory traversal file upload vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76747/DSECRG-09-018.txt
Source: https://packetstormsecurity.com/files/76747/Apache-Geronimo-Directory-Traversal.html