Home > Vulnerability Database > CVE-2006-6104

Mend.io Vulnerability Database

CVE-2006-6104

Date: December 21, 2006

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

Severity Score

5.3

Related Resources (23)

Url: http://security.gentoo.org/glsa/glsa-200701-12.xml

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-6104

Url: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html

Url: http://www.securityfocus.com/bid/21687

Url: http://www.vupen.com/english/advisories/2006/5099

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092

Url: http://www.securityfocus.com/archive/1/454962/100/0/threaded

Url: http://www.ubuntu.com/usn/usn-397-1

Url: http://secunia.com/advisories/23776

Url: http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html

Url: http://secunia.com/advisories/23435

Url: http://securitytracker.com/id?1017430

Url: http://secunia.com/advisories/23779

Url: http://secunia.com/advisories/23727

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-6104

Url: http://secunia.com/advisories/23462

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:234

Url: http://securityreason.com/securityalert/2082

Url: http://fedoranews.org/cms/node/2400

Url: http://secunia.com/advisories/23597

Url: http://secunia.com/advisories/23432

Url: http://fedoranews.org/cms/node/2401

Url: https://www.mend.io/vulnerability-database/CVE-2006-6104

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-6104

Date: December 21, 2006

Severity Score

Related Resources (23)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?