BEA WebLogic Portal 8.1 through SP4 allows remote malicious users to obtain the source for a deployment descriptor file via unknown vectors.
oracle weblogic portal 8.1