SuSE Update For Mono-web SUSE-SA:2007:002 Network Vulnerability

Impact

remote source code disclosure

Solution

Please Install the Updated Packages.

Insight

A security problem was found and fixed in the Mono / C# web server implementation. By appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server. This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only affects SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise 10. Older products are not affected. The updated packages for this problem were released on December 29th 2006.

Affected

mono-web on openSUSE 10.2, SUSE LINUX 10.1, SUSE SLED 10, SUSE SLES 10

References

http://www.novell.com/linux/security/advisories/2007_02_mono.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-6104
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

SLES10: Security update for Mono
SLES10: Security update for libtiff
SLES10: Security update for dbus
SLES10: Security update for pam_mount
SLES10: Security update for Apache 2

SuSE Update for mono-web SUSE-SA:2007:002

Take action and discover your vulnerabilities