Apache Tomcat allows the upload of JSP files to unauthenticated users via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false. CVE Link CVE-2017-12617 Exploit Platform Windows Linux Exploit Type Exploits Remote Product Name Impact