source: https://www.securityfocus.com/bid/2268/info

LocalWEB2000 is subject to a directory traversal. Requesting a specially crafted HTTP request with a known filename will enable an attacker to gain read access to the requested file. 

http://target/../../../autoexec.bat