2005-11-16 21:17:00
mitre
PUBLISHED
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a . (%2e) at the end of the filename.