BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25347
http://www.vupen.com/english/advisories/2006/1021
http://www.securityfocus.com/bid/17166
http://securitytracker.com/id?1015792