CVE-2007-2747

Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.

Date published : 2007-05-17

http://www.securityfocus.com/bid/24092

http://www.rdiffweb.org/wiki/index.php?title=Roadmap#Version_0.3.5.1