WebTide 7.04 allows remote malicious users to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
infrontech webtide 7.0.4