Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Mono XSP Source Code Disclosure Vulnerability


Vulnerability Assessment Details

Mono XSP Source Code Disclosure Vulnerability

Vulnerability Assessment Summary
Tries to retrieve ASPX source code using XSP

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server is affected by an information disclosure
vulnerability.

Description :

The remote host is running Mono XSP, a lightweight web server for
hosting ASP.NET applications.

The version of Mono XSP installed on the remote Windows host fails to
properly validate filename extensions in URLs. A remote attacker may
be able to leverage this issue to disclose the source of scripts
hosted by the affected application using specially-crafted requests
with URL-encoded space characters.

See also :

http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
http://www.securityfocus.com/archive/1/454962/30/0/threaded
http://www.mono-project.com/news/archive/2006/Dec-20.html

Solution :

Upgrade to Mono version 1.2.2 / 1.1.13.8.2 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)

Networks Security ID: 21687

Vulnerability Assessment Copyright: This script is Copyright (C) 2006-2007 Tenable Network Security

Cables, Connectors

vtg 1984 apple iic release article 8 x 10" original editorial steve jobs wozniak
$39.99
vtg 1984 apple iic release article 8 x 10Vintage Apple Macintosh SE M5011 Motherboard 820-0250-A NEW BATTERY high-density
$96.14
Vintage Apple Macintosh SE M5011 Motherboard 820-0250-A NEW BATTERY high-density pictureNEW, SEALED Claris Vintage MacDraw II Software for Vintage Apple Macintosh
$25.0
NEW, SEALED Claris Vintage MacDraw II Software  for Vintage Apple Macintosh  pictureVintage Apple II Apple IIe General Purpose Interface GPI-1 Expander Card
$25.0
Vintage Apple II Apple IIe General Purpose Interface GPI-1 Expander Card picture


Discussions

No Discussions have been posted on this vulnerability.