Cross site request forgery (csrf)

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via 1 dot, 2 space, 3 slash, or 4 NULL characters in the filename extension of an HTTP request...