Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL.
It has been reported that GWeb is prone to a directory traversal vulnerability. The issue is due to the server's failure to properly validate user supplied http requests.This issue may allow an attacker to escape the web server root directory and view any web server readable files. Information acquired by exploiting this issue may be used to aid further attacks against a vulnerable system.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.
No exploit is required to leverage this issue. The following proof of concept has been provided:http://www.example.com/../../../../../../windows/system.ini /data/vulnerabilities/exploits/gshinfo.zip