A servlet runs within the Web server and, if allowed, can access the file system and network, or could even call System.exit() to shut down the Web server. Giving a servlet this level of trust is not advisable, and most Web servers run servlets in a sandbox, which restricts the damage a rogue servlet could cause.
A servlet sandbox is an area where servlets are given restricted access to the server. Servlets running in the sandbox can be constrained from accessing the file system and network. This is similar to how Web browsers control applets. The implementation of the sandbox is server-dependent, but a servlet in a sandbox is unlikely to be able to:
Access server files
Access the network
Run commands on ...
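
The restrictions listed above, written as a Java security policy file. This is an added example, not taken from the original page or from any particular server. It assumes the server enforces its sandbox through the Java security manager, and the directory /opt/appserver/webapps/example and the file name sandbox.policy are hypothetical.

```text
// sandbox.policy (constructed example; all paths are hypothetical)
// Assumes the server JVM is started with the security manager enabled:
//   java -Djava.security.manager -Djava.security.policy==sandbox.policy ...
// The "==" makes this file the only policy in effect.

// WEAK (shown for contrast, left commented out): the servlet is fully trusted.
// It can read any file, open any socket, run programs and call System.exit().
//
// grant codeBase "file:/opt/appserver/webapps/example/-" {
//     permission java.security.AllPermission;
// };

// RESTRICTED: permissions are additive and default to none, so anything
// not granted here fails with java.lang.SecurityException.
grant codeBase "file:/opt/appserver/webapps/example/-" {

    // File system: read-only, and only below the servlet's own directory.
    // No "write" or "delete" action, and no path outside this tree, so
    // server configuration and other applications' files stay out of reach.
    permission java.io.FilePermission
        "/opt/appserver/webapps/example/-", "read";

    // Harmless system properties the servlet may need to read.
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "file.separator", "read";

    // Deliberately NOT granted:
    //
    //   java.net.SocketPermission "*", "connect,resolve"
    //       -> the servlet cannot open outbound network connections
    //
    //   java.io.FilePermission "<<ALL FILES>>", "execute"
    //       -> Runtime.exec() and ProcessBuilder.start() are refused
    //
    //   java.lang.RuntimePermission "exitVM"
    //       -> System.exit() cannot shut down the Web server
    //
    //   java.lang.RuntimePermission "setSecurityManager"
    //       -> the servlet cannot replace the sandbox itself
};
```

The Java security manager that enforces such policy files is deprecated for removal as of Java 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so on current JDKs the same restrictions have to come from outside the JVM, such as operating-system accounts or containers.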