Family: CGI abuses --> Category: infos
Mono XSP Source Code Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to retrieve ASPX source code using XSP
Detailed Explanation for this Vulnerability Test
The remote web server is affected by an information disclosure
The remote host is running Mono XSP, a lightweight web server for
hosting ASP.NET applications.
The version of Mono XSP installed on the remote Windows host fails to
properly validate filename extensions in URLs. A remote attacker may
be able to leverage this issue to disclose the source of scripts
hosted by the affected application using specially-crafted requests
with URL-encoded space characters.
See also :
Upgrade to Mono version 1.2.2 / 188.8.131.52.2 or later.
Low / CVSS Base Score : 2.3
Click HERE for more information and discussions on this network vulnerability scan.