The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
fedoranews.org/cms/node/2400
fedoranews.org/cms/node/2401
lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html
secunia.com/advisories/23432
secunia.com/advisories/23435
secunia.com/advisories/23462
secunia.com/advisories/23597
secunia.com/advisories/23727
secunia.com/advisories/23776
secunia.com/advisories/23779
security.gentoo.org/glsa/glsa-200701-12.xml
securityreason.com/securityalert/2082
securitytracker.com/id?1017430
www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
www.mandriva.com/security/advisories?name=MDKSA-2006:234
www.securityfocus.com/archive/1/454962/100/0/threaded
www.securityfocus.com/bid/21687
www.ubuntu.com/usn/usn-397-1
www.vupen.com/english/advisories/2006/5099
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092