VYPR
Unrated severityNVD Advisory· Published Dec 21, 2006· Updated Jun 16, 2026

CVE-2006-6104

CVE-2006-6104

Description

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Mono/Xsp4 versions
    cpe:2.3:a:mono:xsp:1.1:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:mono:xsp:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mono:xsp:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mono:xsp:2.0:*:*:*:*:*:*:*
    • (no CPE)range: 1.1 through 2.0

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.