Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-6104HistoryDec 21, 2006 - 7:28 p.m.
CVE-2006-6104
2006-12-2119:28:00
Debian Security Bug Tracker
security-tracker.debian.org
15
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.074
Percentile
94.2%
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
| Debian | 11 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
| Debian | 999 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
| Debian | 13 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
Related
nessus
nessus
Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)
2007-11-10 00:00:00
GLSA-200701-12 : Mono: Information disclosure
2007-01-17 00:00:00
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
2006-12-23 00:00:00
openvas
openvas
SuSE Update for mono-web SUSE-SA:2007:002
2009-01-28 00:00:00
Ubuntu: Security Advisory (USN-397-1)
2022-08-26 00:00:00
Fedora Update for mono FEDORA-2007-067
2009-02-27 00:00:00
cvelist
cvelist
CVE-2006-6104
2006-12-21 19:00:00
exploitdb
exploitdb
Mono XSP 1.x/2.0 - Source Code Information Disclosure
2006-12-20 00:00:00
cve
cve
CVE-2006-6104
2006-12-21 19:28:00
gentoo
gentoo
Mono: Information disclosure
2007-01-16 00:00:00
suse
suse
remote source code disclosure in mono-web
2007-01-04 18:49:55
nvd
nvd
CVE-2006-6104
2006-12-21 19:28:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: mono-1.1.17.1-4.fc6
2007-01-12 19:43:05
[SECURITY] Fedora Core 5 Update: mono-1.1.13.7-3.fc5.1
2007-01-12 19:43:55
ubuntucve
ubuntucve
CVE-2006-6104
2006-12-21 00:00:00
ubuntu
ubuntu
mono vulnerability
2006-12-20 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.074
Percentile
94.2%
Related for DEBIANCVE:CVE-2006-6104