Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."
http://www.vupen.com/english/advisories/2007/0970
http://www.vupen.com/english/advisories/2006/2482
http://www.securityfocus.com/bid/22991
http://www.securityfocus.com/bid/18578
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876