Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2658

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2658
Last Modified 07 Mar 2011 09:36:43
Published 12 Sep 2006 12:07:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2658

Summary

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.

Vulnerable Systems

Operating System

  • Suse Linux 10.0

  • Suse Linux 10.1

  • Suse Linux 9.2

  • Suse Linux 9.3

Application

  • Mono Xsp

  • Suse Open Enterprise Server 1


References

VUPEN - ADV-2006-3552

BID - 19929

SECUNIA - 21840

SUSE - SUSE-SR:2006:022

SECTRACK - 1016821

SECUNIA - 21847


Last Updated: 27 May 2016 10:42:42