BEA WebLogic 5.1.x allows remote malicious users to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
bea weblogic server 5.1