IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
http://www.vupen.com/english/advisories/2007/0970
http://www.securityfocus.com/bid/22991
http://www-1.ibm.com/support/docview.wss?uid=swg24013032