This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to execute arbitrary code on vulnerable installations of Apache Jetspeed.
The Import/Export function in the Portal Site Manager, part of the Jetspeed Administrative Portlets, is vulnerable to a path traversal via specially crafted file names in ZIP archives. Any user with permission to upload files via this function can upload a file with a name like "../../../../tmp/foo" to write a file named "foo" in the /tmp directory.