mono
Page content
- Author: voroskoi
- Vulnerable: 1.1.17.2-1siwenna1
- Unaffected: 1.1.17.2-2siwenna1
Jose Ramon Palanco has reported a vulnerability in Mono, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the System.Web class when handling HTTP requests. This can be exploited to gain remote access to the source code of a web application by e.g. appending “%20” to an URI. Note: Reportedly, this can also be exploited to gain access to the Web.Config file, which may contain sensitive information like credentials.
- Bug Tracker URL: http://bugs.frugalware.org/task/1557