SB2011011109 - Information disclosure in mono-project.com Mono

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2010-4225)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."

Remediation

Install update from vendor's website.

References

• http://osvdb.org/70312
• http://secunia.com/advisories/42842
• http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure
• http://www.securityfocus.com/bid/45711
• http://www.vupen.com/english/advisories/2011/0051
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64532