IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container.
http://www.vupen.com/english/advisories/2007/0970
http://www.securityfocus.com/bid/22991
http://www-1.ibm.com/support/docview.wss?uid=swg24013840
http://www-1.ibm.com/support/docview.wss?uid=swg24008814