Main Vulnerability Database Vulnerabilities #VU45477

Information disclosure in Mono - CVE-2010-4225

Published: January 11, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45477

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2010-4225

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: mono-project.com

Affected software:
Mono

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."

How to mitigate CVE-2010-4225

Install update from vendor's website.

Sources

http://osvdb.org/70312
http://secunia.com/advisories/42842
http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure
http://www.securityfocus.com/bid/45711
http://www.vupen.com/english/advisories/2011/0051
https://exchange.xforce.ibmcloud.com/vulnerabilities/64532

Information disclosure in Mono - CVE-2010-4225

Detailed vulnerability description

How to mitigate CVE-2010-4225

Sources

Please verify you're human