IBM WebSphere Application Server - Unauthenticated Source Code Disclosure via InvokerServlet
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.