https://www.exploit-db.com/exploits/21073

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/3199/info

When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks.

Jakarta Tomcat can be configured to display an alternate error file. By default it is not. 

http://webserver.com/java.jsp