Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-5473

EPSS 0.35% · P58
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-5473

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mono System.Web StaticFileHandler.cs源码泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mono是一个自由开源的项目。该项目的目标是创建一系列符合ECMA标准(Ecma-334和Ecma-335)的.NET工具,包括C#编译器和通用语言架构。 运行在Windows平台上的Mono中StaticFileHandler.cs文件没有正确地处理某些用户请求,可能导致源码泄露。 如果请求中所使用的文件名以空格或句号结束的话,Win32子系统就无法正确地处理这样的文件名,会忽略拖尾字符,允许调用的应用程序打开磁盘上的文件,即使该文件的名称不包含有请求中所使用的拖尾字符。发送上述请求就会导致XSP返回所
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-5473

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-5473

登录查看更多情报信息。

Same Patch Batch · n/a · 2007-10-18 · 94 CVEs total

CVE-2007-5546TIBCO SmartPGM FX 多个栈缓冲区溢出漏洞
CVE-2007-3102OpenSSH linux_audit_record_event函数远程登录日志注入漏洞
CVE-2002-2304MyPHPSoft MyPHPLinks SQL注入管理验证可绕过漏洞
CVE-2002-23003Com SuperStack 3 NBX FTPD远程拒绝服务攻击漏洞
CVE-2002-2299Thatware thatfile.php漏洞
CVE-2002-2298Thatware漏洞
CVE-2002-2297Thatware artlist.php远程文件包含漏洞
CVE-2002-2296YaBB YaBB.pl跨站脚本漏洞
CVE-2002-2301Lawson Financials帐户信息全局可访问漏洞
CVE-2007-5545TIBCO SmartPGM FX 格式字符串漏洞
CVE-2007-4600PTC Mathcad gzipped XML文件权限许可和访问控制漏洞
CVE-2007-5547Cisco IOS 未明跨站脚本攻击漏洞
CVE-2007-5548Cisco IOS Command EXEC 未明缓冲区溢出漏洞
CVE-2007-5549Cisco IOS Command EXEC 指令变形安全绕过漏洞
CVE-2007-5550Cisco IOS 未明版本信息泄露漏洞
CVE-2007-5551Cisco IOS 软件Off-by-one错误堆缓冲区溢出漏洞
CVE-2007-5552Cisco IOS 未明整数值溢出漏洞
CVE-2007-5554Oracle 特制的信息包信息泄露漏洞
CVE-2007-5555Symantec Altiris Deployment Solution 本地特权提升漏洞
CVE-2007-5556Avaya VoIP Handset 拒绝服务漏洞

Showing top 20 of 94 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-5473

No comments yet

Leave a comment