Reported July 31, 2000 by Foundstone

VERSIONS AFFECTED

SimpleServer 1.06

DESCRIPTION

SimpleServer adequately protects against directory traversal attempted via the typical dot-dot-slash (../) syntax. However, if the ASCII dot characters are replaced with their URL-encoded hexadecimal equivalent (%2E), the filter does not recognise the sequence and directory traversal succeeds.

DEMONSTRATION

http://TestWebServer/%2E%2E/filename.ext
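The root cause is a filter that inspects the raw request path for the literal "../" before the server percent-decodes it. The following is an added example written for this advisory (it is not AnalogX's or Foundstone's code) showing that weak check beside a hardened resolver that decodes first, normalises the path, and then confirms the result still lies inside the document root. The web root path, the sample request paths and the bounded decode loop are assumptions made for the illustration.

```python
"""Added example: decode-then-check path resolution versus a raw-string filter.

Not code from SimpleServer; WEB_ROOT and the sample requests are constructed.
"""
import posixpath
from urllib.parse import unquote

# Assumed document root for the example (not a real SimpleServer setting).
WEB_ROOT = "/var/www/htdocs"


def naive_is_traversal(request_path: str) -> bool:
    """The weak check: looks for a literal '../' in the undecoded request path.

    A request whose dots are percent-encoded (%2E%2E/) contains no '../'
    at this point, so the check reports 'safe' even though the server will
    decode the path before opening the file.
    """
    return "../" in request_path


def resolve_safely(request_path: str, web_root: str = WEB_ROOT):
    """Hardened resolution for a request path.

    1. Percent-decode until the string stops changing (bounded, so a
       double-encoded %252E is also unwrapped).
    2. Treat backslashes as separators, since SimpleServer ran on Windows
       (assumption for this example).
    3. Join with the web root and normalise away '.' and '..' segments.
    4. Accept only if the normalised result is the root or lies beneath it.

    Returns the filesystem path to serve, or None if the request escapes
    the document root.
    """
    decoded = request_path
    for _ in range(3):
        further = unquote(decoded)
        if further == decoded:
            break
        decoded = further

    decoded = decoded.replace("\\", "/")

    root = posixpath.normpath(web_root)
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))

    if full == root or full.startswith(root + "/"):
        return full
    return None


# Constructed sample requests: one benign, the rest traversal attempts in
# plain, percent-encoded, double-encoded and backslash forms.
SAMPLE_REQUESTS = [
    "docs/index.html",
    "../../etc/passwd",
    "%2E%2E/%2E%2E/etc/passwd",
    "%252E%252E/secret.txt",
    "..\\..\\boot.ini",
]


def compare_checks(requests=SAMPLE_REQUESTS):
    """Return {request: (naive_flags_it, hardened_result)} for inspection."""
    return {r: (naive_is_traversal(r), resolve_safely(r)) for r in requests}


if __name__ == "__main__":
    for req, (naive, safe) in compare_checks().items():
        verdict = "serve " + safe if safe else "reject"
        print(f"{req!r:32} naive_flags={naive!s:5} hardened={verdict}")
```

Running the script shows the naive filter flagging only the plain "../" request while passing the encoded forms, whereas the hardened resolver rejects every variant that would leave the document root and returns a concrete path only for the benign request. The order of operations is the whole point: any check performed on the path before decoding can be bypassed by whichever encoding the later decode step accepts.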

VENDOR RESPONSE

AnalogX released an updated version 1.07 of the product, which corrects the vulnerability.

CREDIT

Discovered by Foundstone