SUSE CVE-2006-2759

jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...

Customized variables whose values are hidden passwords are unmasked revealing the password in the build summary

Step to replicate Create two variables passworder and Passworder notice p with caps Run a customize build overridden the contents of the field While the fields remains hidden in the metadata as expected, the variable with capital P has it values revealed in the build summary see screenshot...