Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2007-5473
Last Modified 15 Nov 2008 02:01:05
Published 18 Oct 2007 02:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5473

Summary

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.

Vulnerable Systems

Application

  • Mono 1.2.5.1


References

OSVDB - 41871

CONFIRM - http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs

XF - mono-staticfilehandler-info-disclosure(37341)

BID - 26166

SECUNIA - 27349


Last Updated: 27 May 2016 10:46:10