← back
CVE-2006-6104

CVE-2006-6104

EPSS 5.0%
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/29302unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://fedoranews.org/cms/node/2400http://fedoranews.org/cms/node/2401http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.htmlhttp://secunia.com/advisories/23432http://secunia.com/advisories/23435http://secunia.com/advisories/23462http://secunia.com/advisories/23597http://secunia.com/advisories/23727http://secunia.com/advisories/23776http://secunia.com/advisories/23779http://security.gentoo.org/glsa/glsa-200701-12.xmlhttp://securityreason.com/securityalert/2082