Root dot dot

Risk Level: Medium

Check or Attack Name: rootdotdot

Platforms: NCSA Servers: Old

Description:

A directory listing was obtained of the directory above the root directory of the web server. A URL of the form http://www.domain.com/..\.. allows anyone to browse and download files outside of the web server content root directory. URLs such as http://www.domain.com/scripts..\..\script-name allow you to execute the target script. An attacker can use a listing of this directory as additional information for planning a structured attack, or could download files elsewhere in the file system.
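
As an added example (not part of the original advisory), the Python code below shows how a defender could flag the two URL forms described above in web server access logs. The log lines are constructed samples, and the Common Log Format layout and the function names classify and scan are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [01/Jan/2000:10:00:05 +0000] "GET /..\\.. HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2000:10:00:09 +0000] "GET /scripts..\\..\\script-name HTTP/1.0" 200 88',
    '192.0.2.44 - - [01/Jan/2000:10:00:12 +0000] "GET /%2e%2e%5c%2e%2e HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jan/2000:10:00:20 +0000] "GET /docs/../index.html HTTP/1.0" 200 1043',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify(raw_path):
    """Return 'escapes-root', 'dot-dot', or 'clean' for a request path."""
    # Drop the query string, decode percent-escapes once, and treat both
    # '/' and '\' as separators, since the advisory's URLs use backslashes.
    path = unquote(raw_path.split("?", 1)[0])
    segments = [s for s in re.split(r"[/\\]+", path) if s not in ("", ".")]
    depth, verdict = 0, "clean"
    for seg in segments:
        if seg == "..":
            depth -= 1
            if depth < 0:
                return "escapes-root"   # climbs above the content root
            verdict = "dot-dot"         # traversal that stays inside the root
        else:
            # A ".." fused to a name ("scripts..") is the second form above.
            if seg.endswith(".."):
                verdict = "dot-dot"
            depth += 1
    return verdict

def scan(lines):
    """Return (client, path, verdict) for every non-clean request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify(m.group(1))
        if verdict != "clean":
            findings.append((line.split()[0], m.group(1), verdict))
    return findings

if __name__ == "__main__":
    for client, path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:13} {client} {path}")
```

A "dot-dot" verdict is a lower-severity signal that still merits review; "escapes-root" combined with a 200 status is the case the description above reports.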

Remedy:

Check with the vendor and documentation of your web server software for information on the correct configuration. If necessary, install a more recent (and secure) version of the web server.

The latest version of Microsoft Internet Information Server (IIS) is available at http://www.microsoft.com/iis.
