CVE-2006-1391

Sažetak

The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL.

Reference

http://secunia.com/advisories/19306
http://secunia.com/advisories/19312
http://secunia.com/secunia_research/2006-19/advisory/
http://securityreason.com/securityalert/624
http://www.osvdb.org/24099
http://www.osvdb.org/24100
http://www.securityfocus.com/archive/1/428667/100/0/threaded
http://www.securityfocus.com/bid/17222
http://www.vupen.com/english/advisories/2006/1085
http://www.vupen.com/english/advisories/2006/1088
https://exchange.xforce.ibmcloud.com/vulnerabilities/25417
https://exchange.xforce.ibmcloud.com/vulnerabilities/25418

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:32

Objavljeno

25-03-2006 - 00:06