Family: CGI abuses --> Category: infos
Mono XSP Source Code Disclosure Vulnerability Scan
Vulnerability Scan Summary : Tries to retrieve ASPX source code using XSP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an information disclosure
vulnerability.
Description :
The remote host is running Mono XSP, a lightweight web server for
hosting ASP.NET applications.
The version of Mono XSP installed on the remote Windows host fails to
properly validate filename extensions in URLs. A remote attacker may
be able to leverage this issue to disclose the source of scripts
hosted by the affected application using specially-crafted requests
with URL-encoded space characters.
See also :
http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
http://www.securityfocus.com/archive/1/454962/30/0/threaded
http://www.mono-project.com/news/archive/2006/Dec-20.html
Solution :
Upgrade to Mono version 1.2.2 / 1.1.13.8.2 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)