Soft3304 04WebServer prior to 1.41 does not properly check file names, which allows remote malicious users to obtain sensitive information (CGI source code).
soft3304 04webserver 1.40