[Original text] Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.
J Walk Application Server Encoded Traversal Arbitrary File Disclosure
Remote / Network Access
Loss of Confidentiality
J Walk contains a flaw that allows a remote attacker to view files outside of the web path. The web server supplied with the product does not properly sanitize user input: traversal-style sequences (../../) in the URL are not caught when part of the sequence is encoded as an escaped Unicode string.
Upgrade to version 3.3c4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
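
The encoded form ".%252e" described above gets past any filter that decodes the URL only once before looking for "..". The following added example (not J Walk code and not part of the original entry) contrasts such a check with one that decodes to a fixed point and then verifies containment in the web root; all function names, the /srv/www root and the sample paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: deeper encoding nesting is simply rejected


def naive_is_safe(url_path: str) -> bool:
    """Weak check: decode once, then look for '..'.

    '.%252e' decodes to '.%2e' here, so the filter sees no '..';
    a later second decode in the request pipeline turns it into '..'.
    """
    return ".." not in unquote(url_path)


def fully_decode(url_path: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    current = url_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise ValueError("too many encoding layers")


def resolve_under_root(web_root: str, url_path: str) -> str:
    """Return the normalised path inside web_root or raise ValueError.

    web_root is assumed to be an absolute directory other than '/'.
    """
    decoded = fully_decode(url_path).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Containment is checked on the final normalised path, not on the raw URL.
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("path escapes web root")
    return candidate


if __name__ == "__main__":
    for sample in ("/docs/a%20b.html", "/.%252e/.%252e/secret.txt"):  # constructed
        try:
            print(sample, "->", resolve_under_root("/srv/www", sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

Decoding to a fixed point also decodes file names that legitimately contain a percent sign; a stricter policy is to reject any request whose path changes on a second decode.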