Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-6104HistoryDec 21, 2006 - 7:28 p.m.
CVE-2006-6104
2006-12-2119:28:00
Debian Security Bug Tracker
security-tracker.debian.org
11
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.08 Low
EPSS
Percentile
94.3%
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
| Debian | 11 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
| Debian | 999 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
| Debian | 13 | all | mono | < 1.2.2.1-1 | mono_1.2.2.1-1_all.deb |
Related
nessus
nessus
Fedora Core 6 : mono-1.1.17.1-4.fc6 (2007-067)
2007-01-17 00:00:00
Mandrake Linux Security Advisory : mono (MDKSA-2006:234)
2007-02-18 00:00:00
Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)
2007-11-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200701-12 (mono)
2008-09-24 00:00:00
SuSE Update for mono-web SUSE-SA:2007:002
2009-01-28 00:00:00
Ubuntu: Security Advisory (USN-397-1)
2022-08-26 00:00:00
nvd
nvd
CVE-2006-6104
2006-12-21 19:28:00
suse
suse
remote source code disclosure in mono-web
2007-01-04 18:49:55
cve
cve
CVE-2006-6104
2006-12-21 19:28:00
cvelist
cvelist
CVE-2006-6104
2006-12-21 19:00:00
gentoo
gentoo
Mono: Information disclosure
2007-01-16 00:00:00
ubuntu
ubuntu
mono vulnerability
2006-12-20 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: mono-1.1.17.1-4.fc6
2007-01-12 19:43:05
[SECURITY] Fedora Core 5 Update: mono-1.1.13.7-3.fc5.1
2007-01-12 19:43:55
ubuntucve
ubuntucve
CVE-2006-6104
2006-12-21 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.08 Low
EPSS
Percentile
94.3%
Related for DEBIANCVE:CVE-2006-6104