Vulnerability in SEDUM HTTP Server

Overview

SEDUM HTTP Server v2.0 is a web server available from http://www.frassetto.it and http://www.zdnet.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths (i.e., '..', '...').

Details

http://localhost/../[file outside web root]
http://localhost/.../[file outside web root]

Solution

No quick fix is possible.

Vendor Status

The author, Guido Frassetto, was contacted via <[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> on Sunday, January 28, 2001 regarding version 1.1 of SEDUM. He replied promptly and stated that version 2.0 is immune to this problem. I downloaded the new version, ran more tests, and found that absolutely nothing is different. Since then, I have not heard back from Guido Frassetto.

- Joe Testa ( [EMAIL PROTECTED] )
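
The check a server needs in order to refuse both request forms shown under Details, as an added example that is not part of the original advisory and is not SEDUM's code. The function name, the sample requests and the /srv/www root are hypothetical.

```python
import os
from urllib.parse import unquote

def resolve_request_path(web_root, url_path):
    """Map a request path to a file under web_root; return None to refuse it."""
    root = os.path.realpath(web_root)
    # Drop the query string, then decode percent-escapes so %2e%2e is seen as '..'.
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    segments = []
    # Treat '\' like '/' so a backslash cannot carry a separator past the check.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        # Refuse any segment made only of dots: '..', '...', and longer runs.
        if seg.strip(".") == "":
            return None
        segments.append(seg)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Second check, after symlinks are resolved: the result must stay under root.
    try:
        if os.path.commonpath([root, candidate]) != root:
            return None
    except ValueError:  # e.g. a different drive letter on Windows
        return None
    return candidate

# Constructed sample requests: the two forms from the advisory plus variants.
SAMPLES = [
    "/index.html",
    "/../secret.txt",
    "/.../secret.txt",
    "/%2e%2e/secret.txt",
    "/..\\secret.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, "->", resolve_request_path("/srv/www", path))
```
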