iWeb Server does not correctly validate access to client-requested paths that include "../" character sequences. Attackers can obtain files and directories outside of the webroot by requesting their path relative to the current directory. A remote attacker may exploit this to disclose sensitive information. The author has issued a new version that is not vulnerable to this attack.
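The missing check, sketched as an added example (this is not iWeb Server's code or its vendor's fix): a flawed resolver that trusts the joined path, beside one that resolves the path and refuses anything outside the webroot. The function names, directory layout and sample request are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def naive_resolve(webroot: Path, request_path: str) -> Path:
    """Flawed pattern: join the client path onto the webroot and trust it."""
    return Path(os.path.normpath(webroot / request_path.lstrip("/")))


def safe_resolve(webroot: Path, request_path: str) -> Optional[Path]:
    """Return the file to serve, or None if the path leaves the webroot."""
    root = webroot.resolve()
    # Decode first so the check sees the same path the filesystem will.
    relative = unquote(request_path).lstrip("/")
    # resolve() collapses "../" and follows symlinks before the comparison.
    candidate = (root / relative).resolve()
    if candidate != root and root not in candidate.parents:
        return None  # outside the webroot: answer 403/404, never open it
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and compare both resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        webroot = base / "webroot"
        webroot.mkdir()
        (webroot / "index.html").write_text("hello")
        (base / "secret.txt").write_text("outside the webroot")
        request = "/../secret.txt"  # constructed sample request
        return {
            "naive_escapes": naive_resolve(webroot, request) == base / "secret.txt",
            "safe_blocks": safe_resolve(webroot, request) is None,
            "safe_serves_index": safe_resolve(webroot, "/index.html")
            == webroot / "index.html",
            "safe_allows_inner_dotdot": safe_resolve(webroot, "/a/../index.html")
            == webroot / "index.html",
        }


if __name__ == "__main__":
    print(demo())
```

The check compares the fully resolved path against the resolved webroot rather than searching the request string for "../", so a request such as "/a/../index.html" that stays inside the webroot is still served.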