StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 00:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs - | |
References | () http://osvdb.org/41871 - | |
References | () http://secunia.com/advisories/27349 - | |
References | () http://www.securityfocus.com/bid/26166 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/37341 - |
Information
Published : 2007-10-18 18:17
Updated : 2024-11-21 00:37
NVD link : CVE-2007-5473
Mitre link : CVE-2007-5473
CVE.ORG link : CVE-2007-5473
JSON object : View
Products Affected
mono
- mono
microsoft
- windows
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor