5

CVE-2006-6104

Exploit
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoXsp Version1.1
MonoXsp Version1.2.1
MonoXsp Version2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.96% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://fedoranews.org/cms/node/2401
http://secunia.com/advisories/23776
http://fedoranews.org/cms/node/2400
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html
http://secunia.com/advisories/23432
Patch
Vendor Advisory
Exploit
http://secunia.com/advisories/23435
Patch
Vendor Advisory
http://secunia.com/advisories/23462
Patch
Vendor Advisory
http://secunia.com/advisories/23597
http://secunia.com/advisories/23727
http://secunia.com/advisories/23779
http://security.gentoo.org/glsa/glsa-200701-12.xml
http://securityreason.com/securityalert/2082
http://securitytracker.com/id?1017430
http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2006:234
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/454962/100/0/threaded
http://www.securityfocus.com/bid/21687
Patch
Exploit
http://www.ubuntu.com/usn/usn-397-1
Patch
http://www.vupen.com/english/advisories/2006/5099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092