CVE-2007-5473

Published: Oct 18, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.

Affected (1)

Products: Mono: Mono

Mono

1 product

Mono

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mono Mono	Up to 1.2.5.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs

Source: cve@mitre.org

http://osvdb.org/41871

Source: cve@mitre.org

http://secunia.com/advisories/27349

Source: cve@mitre.org

http://www.securityfocus.com/bid/26166

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/37341

Source: cve@mitre.org

http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs