Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload
mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
www.exploit-db.com/exploits/39643/