BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
https://exchange.xforce.ibmcloud.com/vulnerabilities/26461
http://www.vupen.com/english/advisories/2006/1828
http://securitytracker.com/id?1016100