Vulnerabilities > CVE-2006-2658 - Directory Traversal vulnerability in Mono XSP

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mono

suse

NVD

Published: 2006-09-12

Updated: 2011-03-08

Summary

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Mono Mono XSP *	1
Application	Suse Suse Suse Open Enterprise Server 1	1
OS	Suse Suse Suse Linux 9.2 Suse Suse Linux 9.3 Suse Suse Linux 10.0 Suse Suse Linux 10.1	10

References

http://lists.suse.com/archive/suse-security-announce/2006-Sep/0005.html
http://secunia.com/advisories/21840
http://secunia.com/advisories/21847
http://securitytracker.com/id?1016821
http://www.securityfocus.com/bid/19929
http://www.vupen.com/english/advisories/2006/3552