The HTTP interface for WorldClient 2.1 is vulnerable to a directory traversal. By requesting a URL composed of the filename and ..\ a remote user can retrieve and download any file whose location is known.
Deerfield WorldClient URI Traversal Arbitrary File Access
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
WorldClient contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URL.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
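The kind of server-side check whose absence is described above, as an added example; it is not WorldClient's code, which this page does not show. The web root, function name and exception name are assumptions, and the check goes beyond the literal ..\ and ../ forms to cover percent-encoded input, since a URL handler decodes the path before using it.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/webroot"   # assumption: hypothetical document root
MAX_DECODE_ROUNDS = 3       # assumption: tolerate at most double encoding


class TraversalError(ValueError):
    """Raised when a request path would resolve outside the web root."""


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Map a URL path to a file path under web_root, or raise TraversalError."""
    # Decode percent-escapes until the string stops changing, so encoded
    # separators and dots are checked in the same form as literal ones.
    decoded = url_path
    for _ in range(MAX_DECODE_ROUNDS):
        previous, decoded = decoded, unquote(decoded)
        if decoded == previous:
            break
    else:
        raise TraversalError("path still encoded after repeated decoding")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")

    # Treat backslash as a separator too: the advisory's ..\ form gets past
    # any filter that only looks for forward slashes.
    segments = [s for s in decoded.replace("\\", "/").split("/")
                if s not in ("", ".")]
    for seg in segments:
        # Reject parent references (including dot/space-only variants) and
        # anything carrying a drive or stream colon. Deliberately conservative.
        if seg.strip(". ") == "" or ":" in seg:
            raise TraversalError("illegal path segment: %r" % seg)

    # Defence in depth: canonicalise and confirm the result is still inside
    # the root, rather than trusting the segment filter alone.
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    if posixpath.commonpath([root, candidate]) != root:
        raise TraversalError("resolved path escapes web root")
    return candidate
```

The function only validates the string; a deployment that follows symbolic links would also need to resolve the real path on disk before opening the file.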