Vulnerability in Free Java Web Server

Overview

Free Java Web Server v1.0 is a Java web server available from http://www.download.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths (i.e. '..', '...').

Details

http://localhost/../[file outside web root]
http://localhost/.../[file outside web root]

Solution

No quick fix is possible.

Vendor Status

The author, Dattaraj J. Rao, was contacted via <[EMAIL PROTECTED]> on Sunday, January 28, 2001. No reply was received.

- Joe Testa ( [EMAIL PROTECTED] )
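Added example (not code from Free Java Web Server or from this advisory): one way a Java file server can refuse the '..' and '...' requests shown under Details, by filtering all-dot path segments and then checking the canonical path against the web root. The class name WebRootResolver and its methods are hypothetical, and the caller is assumed to have percent-decoded the URL path exactly once.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class WebRootResolver {
    private final Path root;

    public WebRootResolver(Path webRoot) throws IOException {
        this.root = webRoot.toRealPath();   // canonical root, symlinks resolved
    }

    /** Maps an already percent-decoded URL path to a file under the root, or null to refuse. */
    public Path resolve(String decodedPath) throws IOException {
        if (decodedPath.indexOf('\0') >= 0) return null;
        Path candidate = root;
        try {
            for (String seg : decodedPath.split("[/\\\\]+")) {
                if (seg.isEmpty()) continue;
                // Refuse ".", "..", "..." and any longer all-dot segment outright
                // rather than guessing how the OS will interpret it.
                if (seg.matches("\\.+")) return null;
                candidate = candidate.resolve(seg);
            }
        } catch (InvalidPathException e) {
            return null;
        }
        if (!Files.exists(candidate)) return null;
        // Second check on the canonical path: catches symlinks and anything
        // the segment filter missed. startsWith compares whole path elements.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root)) return null;
        return Files.isRegularFile(real) ? real : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/secret.txt sits one level above the web root <tmp>/www.
        Path tmp = Files.createTempDirectory("advisory-demo");
        Path www = Files.createDirectory(tmp.resolve("www"));
        Files.write(www.resolve("index.html"), "hello".getBytes());
        Files.write(tmp.resolve("secret.txt"), "outside".getBytes());

        WebRootResolver r = new WebRootResolver(www);
        for (String p : new String[] {"/index.html", "/../secret.txt", "/.../secret.txt"}) {
            System.out.println(p + " -> " + (r.resolve(p) == null ? "refused" : "served"));
        }
    }
}
```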