A flaw was reported in the Undertow module of WildFly that leaks the source code of a JSP page when a trailing slash (/) is added to the end of its URL. This issue did not affect any versions of Red Hat JBoss Enterprise Application Platform because this flaw only affects the Undertow web module; JBoss EAP uses JBoss Web.
References: https://issues.jboss.org/browse/WFLY-4595
Confirmed this is not a problem for EAP 6.4.x.
Marking this as closed. It has been fixed in WildFly 9.0.0.CR2, 10.0.0.Alpha1.