Apache Tomcat readonly Initialisation Parameter JSP Remote Code Execution Exploit

Apache Tomcat allows the upload of JSP files to unauthenticated users via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2017-12617
Product Version: 
2017_R2
Released Date: 
Thursday, October 5, 2017 - 00:00