Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability

Bugtraq ID:	26166
Class:	Input Validation Error
CVE:	CVE-2007-5473
Remote:	Yes
Local:	No
Published:	Oct 22 2007 12:00AM
Updated:	Oct 24 2007 11:06PM
Credit:	This issue was disclosed by the vendor.
Vulnerable:	Mono Mono 1.2.5 1 Mono Mono 1.1.4 Mono Mono 1.0.5 Mono Mono 1.0 Mono Mono 1.1.8.3 Mono Mono 1.1.17.1 Mono Mono 1.1.13.7 Mono Mono 1.1.13.6 Mono Mono 1.1.13.4
Not Vulnerable:	Mono Mono 1.2.5 2

Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability

Mono is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects versions prior to Mono 1.2.5.2 running on Windows platforms.

Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability

Attackers can exploit this vulnerability with a browser.

Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability

Solution:
The vendor has released subversion revision 87715 to address this issue. Please see the references for more information.


Mono Mono 1.2.5 1

• Mono Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
  http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/Sys tem.Web/StaticFileHandler.cs?rev=87715&view=markup