If you feel like making an exploit public, go right ahead. Just make sure you send your patch along with it.
What? No patch? It's a Java servlet app, not an ELF binary. Unzip the .war, decompile the classes with jad, and fix the damn thing yourself.
I've lost patience with the attention whoring from wannabe security researchers.