If you haven't already caught this, the vuln in Web Server Creator recently reported by XORON is a duplicate of a report by Frog Man in November 2002 (BID 6251, SECTRACK 1005712). BTW, I couldn't find a CVE number for the original vuln. Stuart