Apache Tomcat allows the upload of JSP files to unauthenticated users via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false.
CVE Link
Exploit Type - Old
Exploits/Remote
Product Name