BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
http://www.vupen.com/english/advisories/2007/0213
http://www.securityfocus.com/bid/22082
http://securitytracker.com/id?1017525