source: https://www.securityfocus.com/bid/7709/info
Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead serve it as a normal web resource.
This issue exists for Sun ONE Application Server 7.0 on Microsoft Windows platforms. Previous versions may also be affected.
GET /[script].JSP HTTP/1.0
where [script] is the name of a script hosted by the server.