SUSE-SA:2007:002: mono-web ASP.net sourcecode disclosure

Back to Search

SUSE-SA:2007:002: mono-web ASP.net sourcecode disclosure

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

01/04/2007

Created

07/25/2018

Added

01/29/2007

Modified

11/18/2015

Description

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

Solution(s)

References

https://attackerkb.com/topics/cve-2006-6104
21687
CVE - 2006-6104
OVAL2092
SUSE-SA:2007:002
http://fedoranews.org/cms/node/2400
http://fedoranews.org/cms/node/2401
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2092
http://securityreason.com/securityalert/2082
http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
http://www.frsirt.com/english/advisories/2006/5099
http://www.mandriva.com/security/advisories?name=MDKSA-2006:234
http://www.novell.com/linux/security/advisories/2007_02_mono.html
http://www.securityfocus.com/archive/1/archive/1/454962/100/0/threaded
http://www.ubuntu.com/usn/usn-397-1

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE-SA:2007:002: mono-web ASP.net sourcecode disclosure