CVE-2006-6104 Information
Description
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
Reference
http://fedoranews.org/cms/node/2400
http://fedoranews.org/cms/node/2401
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html
http://secunia.com/advisories/23432
http://secunia.com/advisories/23435
http://secunia.com/advisories/23462
http://secunia.com/advisories/23597
http://secunia.com/advisories/23727
http://secunia.com/advisories/23776
http://secunia.com/advisories/23779
http://security.gentoo.org/glsa/glsa-200701-12.xml
http://securityreason.com/securityalert/2082
http://securitytracker.com/id?1017430
http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:234
http://www.securityfocus.com/archive/1/454962/100/0/threaded
http://www.securityfocus.com/bid/21687
http://www.ubuntu.com/usn/usn-397-1
http://www.vupen.com/english/advisories/2006/5099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092