CVE-2007-6612
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
Date published : 2008-01-03
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html