BEA WebLogic 5.1.x allows remote malicious users to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
bea weblogic server 5.1