IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.Referenceshttp://marc.info/?l=bugtraq&m=98583082225053&w=2
