A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' (current) directory. If the file http://server/file.txt is set to be password protected, the protection will be bypassed if a request is made for http://server/./file.txt. This is likely due to a design error in the protection component.
This vulnerability was reported for LocalWEB2000 Standard Version 2.1.0. Other versions (such as the Professional Edition) may also be affected by this issue.