MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17520
http://www.securityfocus.com/bid/11254