CVE-2006-2658

Currently unrated

Key Information:

Vendor: Suse
Status: Suse Open Enterprise Server; Xsp
Vendor: CVE Published:; 12 September 2006

Summary

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.

References

http://secunia.com/advisories/21847

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/3552

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1016821

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 12, 2006
Vulnerability Reserved
May 30, 2006