source: https://www.securityfocus.com/bid/4876/info
Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation.
Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the source.jsp page is passed a malformed request, it may leak information. This information may include the web root directory, and possibly a directory listing.
http://example.com:80/examples/jsp/source.jsp??
http://example.com:80/examples/jsp/source.jsp?/jsp/