Attacker can control the content and name of the file on the server. There are couple of conditions must be satisfied for a successful attack.
Vulnerable Versions are listed below.
Change your Apache Tomcat versions other than listed vulnerable ones. If you are using PersistenceManager, Configure its sessionAttributeValueClassNameFilter other than "Null". This will also eliminates this vulnerability.