org.apache.catalina.servlets.DefaultServ let allows to access any JSP code.
vulners.com/securityvulns/securityvulns:doc:3532