CVE-2004-1991

Name of the Vulnerable Software and Affected Versions Aldo's Web Server (aweb) version 1.5

Description The issue allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. This is a directory traversal vulnerability.

Recommendations For version 1.5, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, restrict the use of HTTP GET requests that contain .. (dot dot) sequences until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.