PT-2006-7609 · Mono · Mono

Publicado

1970-01-01

Atualizado

2018-10-17

CVE-2006-6104

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mono versions 1.1 through 2.0

Description The issue allows remote attackers to read source code and credentials due to improper verification of local pathnames in the System.Web class. This can be achieved by appending a space (%20) to a URI or requesting Web.Config%20. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For Mono versions 1.1 through 2.0, update to a version that properly verifies local pathnames to prevent remote attackers from reading source code and credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

BDU:2015-04937

BDU:2015-04938

BDU:2015-04939

BDU:2015-04940

BDU:2015-04941

BDU:2015-04942

BDU:2015-04943

BDU:2015-04944

BDU:2015-04945

BDU:2015-04946

BDU:2015-04947

BDU:2015-04948

BDU:2015-04949

BDU:2015-04950

BDU:2015-04951

CVE-2006-6104

Produtos afetados

Mono

PT-2006-7609 · Mono · Mono

CVE-2006-6104

Identificadores relacionados

Produtos afetados

Referências · 41