BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. Date published : 2002-07-26 http:/