BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
http://www.securityfocus.com/bid/6041
http://www.iss.net/security_center/static/10467.php
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0043.html