Release : 10.3
Component : Spectrum OneClick
If you don't need the feature provided by Axis2, then you can manually remove it from your installation location.
Please follow these steps and it should avoid this vulnerability:
1. Stop the OneClick Tomcat service.
2. Navigate to $SPECROOT/tomcat/webapps/axis2/axis2-web and delete/backup/move the HappyAxis.jsp file (move outside the tomcat folder)
3. Navigate to $SPECROOT/tomcat/work/Catalina/localhost/axis2/org/apache/jsp/axis2_002dweb and delete both HappyAxis_jsp.java and HappyAxis_jsp.class files.
4. Start the OneClick Tomcat service and test the vulnerability. As the file itself is not available it will not have any vulnerability.
This vulnerability will be addressed in Spectrum 21.2 release.