CVE-2006-2658
6 documents6 sources
Severity
5.0MEDIUM
EPSS
0.7%
top 28.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 12
Latest updateMay 1
Description
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9
Affected Packages3 packages
🔴Vulnerability Details
3GHSA▶
GHSA-929v-wf58-724f: Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9↗2022-05-01
OSV▶
CVE-2006-2658: Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9↗2006-09-12
CVEList▶
CVE-2006-2658: Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9↗2006-09-12
📋Vendor Advisories
1Debian▶
CVE-2006-2658: xsp - Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# we...↗2006