Lil' HTTP server 2.1版本和2.2版本存在目录遍历漏洞。远程攻击者可以借助HTTP GET请求的..（点 点）读取任意文件。
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Lil'HTTP Server URI Traversal Arbitrary File Access
Remote / Network Access
Loss of Confidentiality
Lil'HTTP Server contains a flaw that allows a remote user to traverse outside of a restricted path. The issue is due to the application not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the URI. This directory traversal attack would allow the attacker to view files outside of the web root directory.
Currently, there are no known upgrades, patches or workarounds available to correct this vulnerability.