Simple Webserver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

• http://packetstormsecurity.com/files/119239/Simple-Webserver-2.3-rc1-Directory-Traversal.html

---

Updated on 2015-03-25