Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5405
http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full