BRS WebWeaver Web Server File Access Vulnerability

info
discussion
exploit
solution
references

BRS WebWeaver Web Server File Access Vulnerability

WebWeaver's Web server has a flaw that discloses the contents of potentially sensitive files to attackers.

It is possible for an attacker to bypass WebWeaver's input validation by constructing a request containing './' character sequences. Information obtained in this manner may allow an attacker to launch further, potentially destructive, attacks against the vulnerable server.