CVE-2006-6104

EPSS 15.02% · P95 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-6104

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mono XSP mod_mono模块目录遍历和源码信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mono XSP是Mono框架下所提供的轻量级WEB服务器。 Mono/C# Web服务器xsp组件的mod_mono模块存在目录遍历漏洞，远程攻击者可以利用此漏洞获取服务器相关的敏感信息。如果攻击者能够在HTTP请求后附带%20(空格字符)的话，就会导致在返回结果中包含服务端应用程序的源码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2006-6104

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2006-6104

请登录查看更多情报信息。

Mono XSP ASP.NET Server sourcecode disclosure vulnerability - CXSecurity.comthird-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/23435third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23779third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23727third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23776third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23462third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/23432third-party-advisoryx_refsource_SECUNIA
About Secunia Research | Flexerathird-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/21687vdb-entryx_refsource_BID
http://securitytracker.com/id?1017430vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/usn-397-1vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/5099vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:234vendor-advisoryx_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-200701-12.xmlvendor-advisoryx_refsource_GENTOO
http://fedoranews.org/cms/node/2401vendor-advisoryx_refsource_FEDORA
http://fedoranews.org/cms/node/2400vendor-advisoryx_refsource_FEDORA
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.htmlvendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2092vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/454962/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-6104

Same Patch Batch · n/a · 2006-12-21 · 29 CVEs total

CVE-2006-6680		Pedro Lineu Orso chetcpasswd 'chetcpasswd.allow'敏感信息泄露漏洞
CVE-2006-6678		Netrik Textarea 'form-file.c' 任意命令执行漏洞
CVE-2006-6677		NOD32 Anti-Virus .CHM文件计算错误漏洞
CVE-2006-6676		NOD32 Anti-Virus多个文件解析安全漏洞
CVE-2006-6675		Novell NetWare Welcome Web-App未明跨站脚本攻击漏洞
CVE-2006-6674		Ozeki HTTP-SMS Gateway密码信息泄露漏洞
CVE-2006-6673		WinFtp Server 长命令拒绝服务攻击
CVE-2006-6672		Burak Yylmaz Download Portal SQL注入漏洞
CVE-2006-6671		Burak Yilmaz Download Portal 'Down.ASP' SQL注入漏洞
CVE-2006-6685		Pedro Lineu Orso chetcpasswd 栈缓冲区溢出漏洞
CVE-2006-6684		Pedro Lineu Orso chetcpasswd HTTP报头缓冲区错误漏洞
CVE-2006-6683		Chetcpasswd '/etc/shadow' 安全绕过漏洞
CVE-2006-6682		Pedro Lineu Orso chetcpasswd 无效用户名请求安全信息泄露漏洞
CVE-2006-6681		Pedro Lineu Orso chetcpasswd 密码暴力破解漏洞
CVE-2006-6686		TextSend 'Sender.PHP'远程文件包含漏洞
CVE-2006-6679		Pedro Lineu Orso chetcpasswd X-Forwarded-For HTTP报头欺骗未授权访问漏洞
CVE-2002-2221		Chetcpasswd本地特权提升漏洞
CVE-2002-2220		Pedro Lineu Orso chetcpasswd缓冲区溢出漏洞
CVE-2002-2219		Chpasswd可远程访问敏感文件漏洞
CVE-2006-6695		Carsen Klock TextSend 'index.php'多个跨站脚本攻击漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2006-6104

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2006-6104

I. Basic Information for CVE-2006-6104

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2006-6104

III. Intelligence Information for CVE-2006-6104

Same Patch Batch · n/a · 2006-12-21 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2006-6104

Leave a comment