CVE-2006-6104 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-6104 Interim 1 3 2021-06-09T08:38:54Z current 2021-05-30T12:37:13Z 2021-06-09T08:38:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-6104 The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2007-01/msg00017.html E-Mail link for SUSE-SA:2007:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. CVE-2006-6104 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N