Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
https://exchange.xforce.ibmcloud.com/vulnerabilities/71512
http://www.securityfocus.com/archive/1/520679/100/0/threaded