[原文]Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.
IBM WebSphere Application Server (WAS) Encoded Space (%20) Request JSP Source Code Disclosure
Remote / Network Access
Loss of Confidentiality
Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.
Patch PQ99537 for versions 5.0 and 5.1
Patch PK00091 for version 6.0