Java-based web applications that accept file uploads must ensure that an adversary cannot upload or transfer malicious files. If a restricted file containing code is executed by the target system, the result can be misuse of privileges. For example, an application that permits HTML files to be uploaded could allow malicious code to be executed: an attacker can submit a valid HTML file with a cross-site scripting payload that will execute in the absence of an output escaping routine. For this reason, many applications restrict the types of files that can be uploaded.
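One way to restrict upload types, shown as an added example that is not part of the original page: the file's extension must be on an allowlist and its content must begin with that type's signature. The class name, `isAllowed`, and the three permitted types are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;

public class UploadTypeCheck {
    // Hypothetical allowlist: permitted extension -> bytes the content must start with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "gif", new byte[] {'G', 'I', 'F', '8'},
        "pdf", new byte[] {'%', 'P', 'D', 'F', '-'});

    /** True only if the last extension is allowlisted and the content carries its signature. */
    static boolean isAllowed(String clientFileName, byte[] content) {
        // Drop any client-supplied directory part before looking at the name.
        String name = clientFileName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);

        // The last extension decides, so "photo.png.html" is treated as HTML.
        int dot = name.lastIndexOf('.');
        if (dot <= 0 || dot == name.length() - 1) {
            return false; // no base name or no extension
        }
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);

        byte[] magic = ALLOWED.get(ext);
        if (magic == null || content.length < magic.length) {
            return false; // type not permitted, or too short to hold the signature
        }
        // Compare the leading bytes against the signature for the claimed type.
        return Arrays.equals(Arrays.copyOf(content, magic.length), magic);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a PNG header and a small HTML document.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D};
        byte[] html = "<html><body>hello</body></html>".getBytes(StandardCharsets.US_ASCII);

        System.out.println("photo.png, PNG bytes:       " + isAllowed("photo.png", png));
        System.out.println("page.html, HTML bytes:      " + isAllowed("page.html", html));
        System.out.println("page.png, HTML bytes:       " + isAllowed("page.png", html));
        System.out.println("photo.png.html, PNG bytes:  " + isAllowed("photo.png.html", png));
    }
}
```

A matching signature only shows that the file starts like the declared type; it does not replace output escaping when uploaded content is later served.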
...