COMMAND

    Sedum

SYSTEMS AFFECTED

    Sedum httpd server 2.0

PROBLEM

    Joe Testa found following.  A vulnerability exists which allows  a
    remote user to break out of the web root using relative paths (ie:
    '..', '...').

        http://localhost/../[file outside web root]
        http://localhost/.../[file outside web root]

SOLUTION

    No  quick  fix  is  possible.   The  author,  Guido Frassetto, was
    contacted regarding  version 1.1  of SEDUM.   He replied  promptly
    and stated that version 2.0 is immune to this problem.    However,
    there is absolutely nothing different.