Reported January 19, 2001, by Strumpf Noir
A vulnerability has been identified in LocalWeb 2000. By adding "../" to a URL, a malicious attacker can read files outside of the webroot directory.
The following URL retrieves and displays the autoexec.bat file:
The vendor has been notified and has communicated its intent to fix this problem in a future version of LocalWeb. See the vendor's Web site for more information: