New Search

mono-web ASP.net sourcecode disclosure

oval:org.mitre.oval:def:2092

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames which allows remote attackers to (1) read source code by appending a space (%20) to a URI and (2) read credentials via a request for Web.Config%20.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • openSUSE 10.2
  • SUSE Linux Enterprise Server 10
  • SUSE Linux Enterprise Desktop 10
  • SUSE Linux 10.1
Class:
vulnerability
Reference(s):
  • CVE-2006-6104
Product(s):
  • mono-nunit
  • mono-devel
  • mono-jscript
  • mono-basic
  • mono-core-32bit
  • mono-winforms
  • mono-core
  • mono-data
  • bytefx-data-mysql
  • mono-web
  • mono-data-firebird
  • mono-data-sqlite
  • mono-data-sybase
  • mono-extras
  • mono-locale-extras
  • mono-data-postgresql
  • mono-data-oracle
  • ibm-data-db2