Mono reveals source code of web applications
A weak point in Mono, the .NET-compatible development and runtime environment, allows attackers to have a look at an application's source code. The information thus obtained may then be useful for further attacks. The only thing hackers need to do is add the string %20 to a URL:
http://server/app/Default.aspx%20
A security advisory states that the flaw is in the class System.Web. In addition, the flaw makes it possible to access the configuration file Web.Config. Mono XSP 1.2.1 and previous versions are affected. A patch in the subversion repository remedies the problem.
- Mono XSP ASP.NET Server sourcecode disclosure vulnerability, Eazel's error report
(ehe)