source: https://www.securityfocus.com/bid/5838/info

Apache Tomcat is reported to be prone to a vulnerability which may enable remote attackers to disclose the contents of directories.

This issue is reported to affect Apache Tomcat 3.2.x on HP-UX 11.04 (VVOS) systems. It is not known whether other systems are also affected.

GET /%3F.jsp HTTP/1.0