source: https://www.securityfocus.com/bid/2436/info
It is possible for a remote user to gain read access to directories and files outside the web root. Requesting a specially crafted URL composed of '../' sequences will disclose an arbitrary directory, appending the known filename will disclose the requested resource.
http://target/../../../../../../Scandisk.log