5

CVE-2006-2658

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoXsp
SuseSuse Linux Version9.2 Editionpersonal
SuseSuse Linux Version9.2 Editionprofessional
SuseSuse Linux Version9.2 Editionx86_64
SuseSuse Linux Version9.3 Editionpersonal
SuseSuse Linux Version9.3 Editionprofessional
SuseSuse Linux Version9.3 Editionx86_64
SuseSuse Linux Version10.0 Editionoss
SuseSuse Linux Version10.0 Editionprofessional
SuseSuse Linux Version10.1 Editionpersonal
SuseSuse Linux Version10.1 Editionprofessional
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.85% 0.888
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21847
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0005.html
Vendor Advisory
http://secunia.com/advisories/21840
Vendor Advisory
http://securitytracker.com/id?1016821
http://www.securityfocus.com/bid/19929
http://www.vupen.com/english/advisories/2006/3552