Oval Definition:oval:org.mitre.oval:def:2092
Revision Date:2007-12-10Version:20
Title:mono-web ASP.net sourcecode disclosure
Description:The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-6104
Platform(s):openSUSE 10.2
SUSE Linux 10.1
SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 10
Product(s):bytefx-data-mysql
ibm-data-db2
mono-basic
mono-core
mono-core-32bit
mono-data
mono-data-firebird
mono-data-oracle
mono-data-postgresql
mono-data-sqlite
mono-data-sybase
mono-devel
mono-extras
mono-jscript
mono-locale-extras
mono-nunit
mono-web
mono-winforms
Definition Synopsis
  • Exploitable openSUSE 10.2 Vulnerability Exists
  • Potential openSUSE 10.2 Vulnerability Exists
  • openSUSE 10.2 is installed
  • AND Potential Architecture Vulnerability Exists
  • ix86 architecture
  • OR ix86 architecture
  • OR ppc architecture
  • AND Potential Package Vulnerability Exists
  • Potential Package bytefx-data-mysql Vulnerability Exists
  • Package bytefx-data-mysql is installed
  • AND Package bytefx-data-mysql version-release is less than 1.1.18.1-12.2
  • OR Potential Package ibm-data-db2 Vulnerability Exists
  • Package ibm-data-db2 is installed
  • AND Package ibm-data-db2 version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-basic Vulnerability Exists
  • Package mono-basic is installed
  • AND Package mono-basic version-release is less than 1.1.18-9.1
  • OR Potential Package mono-core Vulnerability Exists
  • Package mono-core is installed
  • AND Package mono-core version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-core-32bit Vulnerability Exists
  • Package mono-core-32bit is installed
  • AND Package mono-core-32bit version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-data Vulnerability Exists
  • Package mono-data is installed
  • AND Package mono-data version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-data-firebird Vulnerability Exists
  • Package mono-data-firebird is installed
  • AND Package mono-data-firebird version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-data-oracle Vulnerability Exists
  • Package mono-data-oracle is installed
  • AND Package mono-data-oracle version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-data-postgresql Vulnerability Exists
  • Package mono-data-postgresql is installed
  • AND Package mono-data-postgresql version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-data-sqlite Vulnerability Exists
  • Package mono-data-sqlite is installed
  • AND Package mono-data-sqlite version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-data-sybase Vulnerability Exists
  • Package mono-data-sybase is installed
  • AND Package mono-data-sybase version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-devel Vulnerability Exists
  • Package mono-devel is installed
  • AND Package mono-devel version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-extras Vulnerability Exists
  • Package mono-extras is installed
  • AND Package mono-extras version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-jscript Vulnerability Exists
  • Package mono-jscript is installed
  • AND Package mono-jscript version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-locale-extras Vulnerability Exists
  • Package mono-locale-extras is installed
  • AND Package mono-locale-extras version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-nunit Vulnerability Exists
  • Package mono-nunit is installed
  • AND Package mono-nunit version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-web Vulnerability Exists
  • Package mono-web is installed
  • AND Package mono-web version-release is less than 1.1.18.1-12.2
  • OR Potential Package mono-winforms Vulnerability Exists
  • Package mono-winforms is installed
  • AND Package mono-winforms version-release is less than 1.1.18.1-12.2
  • OR Exploitable SUSE Linux 10.1 Vulnerability Exists
  • Potential SUSE Linux 10.1 Vulnerability Exists
  • SUSE Linux 10.1 is installed
  • AND Potential Architecture Vulnerability Exists
  • ix86 architecture
  • OR ix86 architecture
  • OR ppc architecture
  • AND Potential Package Vulnerability Exists
  • Potential Package bytefx-data-mysql Vulnerability Exists
  • Package bytefx-data-mysql is installed
  • AND Package bytefx-data-mysql version-release is less than 1.1.13.8-2.15
  • OR Potential Package ibm-data-db2 Vulnerability Exists
  • Package ibm-data-db2 is installed
  • AND Package ibm-data-db2 version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-basic Vulnerability Exists
  • Package mono-basic is installed
  • AND Package mono-basic version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-core Vulnerability Exists
  • Package mono-core is installed
  • AND Package mono-core version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-core-32bit Vulnerability Exists
  • Package mono-core-32bit is installed
  • AND Package mono-core-32bit version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-data Vulnerability Exists
  • Package mono-data is installed
  • AND Package mono-data version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-data-firebird Vulnerability Exists
  • Package mono-data-firebird is installed
  • AND Package mono-data-firebird version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-data-oracle Vulnerability Exists
  • Package mono-data-oracle is installed
  • AND Package mono-data-oracle version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-data-postgresql Vulnerability Exists
  • Package mono-data-postgresql is installed
  • AND Package mono-data-postgresql version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-data-sqlite Vulnerability Exists
  • Package mono-data-sqlite is installed
  • AND Package mono-data-sqlite version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-data-sybase Vulnerability Exists
  • Package mono-data-sybase is installed
  • AND Package mono-data-sybase version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-devel Vulnerability Exists
  • Package mono-devel is installed
  • AND Package mono-devel version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-extras Vulnerability Exists
  • Package mono-extras is installed
  • AND Package mono-extras version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-jscript Vulnerability Exists
  • Package mono-jscript is installed
  • AND Package mono-jscript version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-locale-extras Vulnerability Exists
  • Package mono-locale-extras is installed
  • AND Package mono-locale-extras version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-nunit Vulnerability Exists
  • Package mono-nunit is installed
  • AND Package mono-nunit version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-web Vulnerability Exists
  • Package mono-web is installed
  • AND Package mono-web version-release is less than 1.1.13.8-2.15
  • OR Potential Package mono-winforms Vulnerability Exists
  • Package mono-winforms is installed
  • AND Package mono-winforms version-release is less than 1.1.13.8-2.15
  • OR Exploitable SUSE Linux Enterprise Desktop 10 or SUSE Linux Enterprise Server 10 Vulnerability Exists
  • Potential System Vulnerability Exists
  • Potential SUSE Linux Enterprise Desktop 10 Vulnerability Exists
  • SUSE Linux Enterprise Desktop 10 is installed
  • AND Potential Architecture Vulnerability Exists
  • ix86 architecture
  • OR ix86 architecture
  • OR Potential SUSE Linux Enterprise Server 10 Vulnerability Exists
  • SUSE Linux Enterprise Server 10 is installed
  • AND Potential Architecture Vulnerability Exists
  • ix86 architecture
  • OR ix86 architecture
  • OR ppc architecture
  • AND Potential Package Vulnerability Exists
  • bytefx-data-mysql is installed
  • OR ibm-data-db2 is installed
  • OR mono-basic is installed
  • OR mono-core is installed
  • OR mono-core-32bit is installed
  • OR mono-data is installed
  • OR mono-data-firebird is installed
  • OR mono-data-oracle is installed
  • OR mono-data-postgresql is installed
  • OR mono-data-sqlite is installed
  • OR mono-data-sybase is installed
  • OR mono-devel is installed
  • OR mono-extras is installed
  • OR mono-jscript is installed
  • OR mono-locale-extras is installed
  • OR mono-nunit is installed
  • OR mono-web is installed
  • OR mono-winforms is installed
    • BACK