Rushjo

Name of the Vulnerable Software and Affected Versions: iWeb Server (affected versions not specified) Description: A directory traversal issue allows remote attackers to read arbitrary files via an HTTP request containing .. sequences. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: iWeb Server version 2 Description: A directory traversal issue allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"). Recommendations: For iWeb Server version 2, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available.