Roxen WebServer %00 Request File/Directory Disclosure Vulnerability
The recommended solution is to use the administration interface to update the server. Apply the 'Fix for "%00" vulnerability'.
A patch is also available for Roxen 2.0.x:
Although 1.3.122 is not affected by this specific vulnerability, Roxen has provided a patch to eliminiate any further problems related to this issue:
The appropriate patch should be applied to server/protocols/http.pike. The server must be restarted for the fix to take effect.
Roxen WebServer 2.0 .X