1. CVE-Search
  2. CVE-2006-2658
ID CVE-2006-2658
Summary Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
References
Vulnerable Configurations
  • cpe:2.3:a:mono:xsp:*:*:*:*:*:*:*:*
    cpe:2.3:a:mono:xsp:*:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:suse_open_enterprise_server:1:*:*:*:*:*:*:*
    cpe:2.3:a:suse:suse_open_enterprise_server:1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.1:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:10.1:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.1:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:10.1:*:professional:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 19929
sectrack 1016821
secunia
  • 21840
  • 21847
suse SUSE-SR:2006:022
vupen ADV-2006-3552
Last major update 08-03-2011 - 02:36
Published 12-09-2006 - 16:07
Last modified 08-03-2011 - 02:36
Back to Top