LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.
http://www.iss.net/security_center/static/9165.php
http://online.securityfocus.com/archive/1/274020
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html