JSP source code disclosure, crossite scripting, weak encryption.
vulners.com/securityvulns/securityvulns:doc:4598