PT-2006-7609 · Mono · Mono

Published

1970-01-01

·

Updated

2018-10-17

·

CVE-2006-6104

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mono versions 1.1 through 2.0
Description The issue allows remote attackers to read source code and credentials due to improper verification of local pathnames in the System.Web class. This can be achieved by appending a space (%20) to a URI or requesting Web.Config%20. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations For Mono versions 1.1 through 2.0, update to a version that properly verifies local pathnames to prevent remote attackers from reading source code and credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

BDU:2015-04937
BDU:2015-04938
BDU:2015-04939
BDU:2015-04940
BDU:2015-04941
BDU:2015-04942
BDU:2015-04943
BDU:2015-04944
BDU:2015-04945
BDU:2015-04946
BDU:2015-04947
BDU:2015-04948
BDU:2015-04949
BDU:2015-04950
BDU:2015-04951
CVE-2006-6104

Affected Products

Mono