Basically, Not affected.
The condition of this security vulnerability is to set "readonly" property = false under "DefaultServlet" class in CATALINA_HOME/conf/web.xml. If "readonly" is not set, the value is "true" by default. RA installer is not set "readonly" property, so it is not affected by this vulnerability despite RA doesn't use latest tomcat build.
Please check if your web.xml is modified on purpose manually.