CVE-2006-6104

Published: 21/12/2006 Updated: 17/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The System.Web class in the XSP for ASP.NET server 1.1 up to and including 2.0 in Mono does not properly verify local pathnames, which allows remote malicious users to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

Vulnerable Product

mono xsp 1.2.1

mono xsp 2.0

mono xsp 1.1

Vendor Advisories

Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application’s source ...

Exploits

source: www.securityfocus.com/bid/21687/info

XSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid i ...