CVE-2007-5473 - Vulnerability Details - OpenCVE

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Mono	Mono

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs
http://osvdb.org/41871
http://secunia.com/advisories/27349
http://www.securityfocus.com/bid/26166
https://exchange.xforce.ibmcloud.com/vulnerabilities/37341

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-18T18:00:00

Updated: 2024-08-07T15:31:58.818Z

Reserved: 2007-10-16T00:00:00

Link: CVE-2007-5473

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-18T18:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5473

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26166", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26166"}, {"name": "41871", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41871"}, {"name": "27349", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27349"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"}, {"name": "mono-staticfilehandler-info-disclosure(37341)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26166", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26166"}, {"name": "41871", "refsource": "OSVDB", "url": "http://osvdb.org/41871"}, {"name": "27349", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27349"}, {"name": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs", "refsource": "CONFIRM", "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"}, {"name": "mono-staticfilehandler-info-disclosure(37341)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:58.818Z"}, "title": "CVE Program Container", "references": [{"name": "26166", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26166"}, {"name": "41871", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41871"}, {"name": "27349", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27349"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"}, {"name": "mono-staticfilehandler-info-disclosure(37341)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5473", "datePublished": "2007-10-18T18:00:00", "dateReserved": "2007-10-16T00:00:00", "dateUpdated": "2024-08-07T15:31:58.818Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE9A924D-4CB8-4081-9C9E-FC72DB869A7E", "versionEndIncluding": "1.2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."}, {"lang": "es", "value": "StaticFileHandler.cs en System.Web de Mono anterior a 1.2.5.2, al ser ejecutado en Windows, permite a atacantes remotos obtener el c\u00f3digo fuente de ficheros sensibles mediante una petici\u00f3n que contiene (1) un espacio o (2) un punto de seguimiento, que no es manejado adecuadamente por XSP."}], "id": "CVE-2007-5473", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-18T18:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41871"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27349"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26166"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26166"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}