Tomcat 4.x JSP Source Exposure

Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet.
Solution
Upgrade to the last releases 4.0.5 and 4.1.12. See http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/ for the last releases.