IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26312
http://www.vupen.com/english/advisories/2006/1724
http://www.securityfocus.com/bid/17900