ID CVE-2006-6104
Summary The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
References
Vulnerable Configurations
  • cpe:2.3:a:mono:xsp:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mono:xsp:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mono:xsp:2.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2007-12-10T04:00:05.181-05:00
class vulnerability
contributors
  • name Thomas R. Jones
    organization Maitreya Security
  • name Nicholas Hansen
    organization Hewlett-Packard
  • name Jeff Cheng
    organization Hewlett-Packard
definition_extensions
  • comment openSUSE 10.2 is installed
    oval oval:org.mitre.oval:def:1170
  • comment Package bytefx-data-mysql is installed
    oval oval:org.mitre.oval:def:315
  • comment Package ibm-data-db2 is installed
    oval oval:org.mitre.oval:def:633
  • comment Package mono-basic is installed
    oval oval:org.mitre.oval:def:646
  • comment Package mono-core is installed
    oval oval:org.mitre.oval:def:1616
  • comment Package mono-core-32bit is installed
    oval oval:org.mitre.oval:def:1233
  • comment Package mono-data is installed
    oval oval:org.mitre.oval:def:1717
  • comment Package mono-data-firebird is installed
    oval oval:org.mitre.oval:def:2212
  • comment Package mono-data-oracle is installed
    oval oval:org.mitre.oval:def:2227
  • comment Package mono-data-postgresql is installed
    oval oval:org.mitre.oval:def:2230
  • comment Package mono-data-sqlite is installed
    oval oval:org.mitre.oval:def:2146
  • comment Package mono-data-sybase is installed
    oval oval:org.mitre.oval:def:1812
  • comment Package mono-devel is installed
    oval oval:org.mitre.oval:def:2042
  • comment Package mono-extras is installed
    oval oval:org.mitre.oval:def:2175
  • comment Package mono-jscript is installed
    oval oval:org.mitre.oval:def:2218
  • comment Package mono-locale-extras is installed
    oval oval:org.mitre.oval:def:2066
  • comment Package mono-nunit is installed
    oval oval:org.mitre.oval:def:2125
  • comment Package mono-web is installed
    oval oval:org.mitre.oval:def:1554
  • comment Package mono-winforms is installed
    oval oval:org.mitre.oval:def:2131
  • comment SUSE Linux 10.1 is installed
    oval oval:org.mitre.oval:def:2157
  • comment Package bytefx-data-mysql is installed
    oval oval:org.mitre.oval:def:315
  • comment Package ibm-data-db2 is installed
    oval oval:org.mitre.oval:def:633
  • comment Package mono-basic is installed
    oval oval:org.mitre.oval:def:646
  • comment Package mono-core is installed
    oval oval:org.mitre.oval:def:1616
  • comment Package mono-core-32bit is installed
    oval oval:org.mitre.oval:def:1233
  • comment Package mono-data is installed
    oval oval:org.mitre.oval:def:1717
  • comment Package mono-data-firebird is installed
    oval oval:org.mitre.oval:def:2212
  • comment Package mono-data-oracle is installed
    oval oval:org.mitre.oval:def:2227
  • comment Package mono-data-postgresql is installed
    oval oval:org.mitre.oval:def:2230
  • comment Package mono-data-sqlite is installed
    oval oval:org.mitre.oval:def:2146
  • comment Package mono-data-sybase is installed
    oval oval:org.mitre.oval:def:1812
  • comment Package mono-devel is installed
    oval oval:org.mitre.oval:def:2042
  • comment Package mono-extras is installed
    oval oval:org.mitre.oval:def:2175
  • comment Package mono-jscript is installed
    oval oval:org.mitre.oval:def:2218
  • comment Package mono-locale-extras is installed
    oval oval:org.mitre.oval:def:2066
  • comment Package mono-nunit is installed
    oval oval:org.mitre.oval:def:2125
  • comment Package mono-web is installed
    oval oval:org.mitre.oval:def:1554
  • comment Package mono-winforms is installed
    oval oval:org.mitre.oval:def:2131
  • comment SUSE Linux Enterprise Desktop 10 is installed
    oval oval:org.mitre.oval:def:2106
  • comment SUSE Linux Enterprise Server 10 is installed
    oval oval:org.mitre.oval:def:1368
description The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
family unix
id oval:org.mitre.oval:def:2092
status accepted
submitted 2007-08-09T08:17:54
title mono-web ASP.net sourcecode disclosure
version 39
refmap via4
bid 21687
bugtraq 20061220 Mono XSP ASP.NET Server sourcecode disclosure vulnerability
fedora
  • FEDORA-2007-067
  • FEDORA-2007-068
gentoo GLSA-200701-12
mandriva MDKSA-2006:234
misc http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
sectrack 1017430
secunia
  • 23432
  • 23435
  • 23462
  • 23597
  • 23727
  • 23776
  • 23779
sreason 2082
suse SUSE-SA:2007:002
ubuntu USN-397-1
vupen ADV-2006-5099
Last major update 17-10-2018 - 21:46
Published 21-12-2006 - 19:28
Last modified 17-10-2018 - 21:46