Requesting a specially formed url containing encoding (%2E) to SimpleServer 1.06 and possibley earlier versions, will enable a remote user to gain read access to known files above the SimpleServer directory.
AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to view arbitrary files. The issue is due to the server not sanitizing URI requests. By using a combination of %2E encoding and/or "../../" traversal attacks, the remote attacker can view arbitrary files outside of the web root.
Upgrade to version 1.07 or higher, as it has been reported to fix this
vulnerability. An upgrade is required as there are no known workarounds.