The host is installed with Apache Tomcat 7.x before 7.0.80 and is prone to a remote code execution vulnerability. A flaw is present in the readonly initialization parameter of the default servlet, when running with HTTP PUTs enabled. Successful exploitation allows attackers to upload a JSP file to the server via a specially crafted request.