Vulnerability Description
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Northern Solutions | Xeneo Web Server | 2.2.22.0 |
References
- http://secunia.com/advisories/19325Vendor Advisory
- http://secunia.com/secunia_research/2006-20/advisory/Vendor Advisory
- http://www.osvdb.org/25283
- http://www.securityfocus.com/bid/17858
- http://www.vupen.com/english/advisories/2006/1682
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26294
- http://secunia.com/advisories/19325Vendor Advisory
- http://secunia.com/secunia_research/2006-20/advisory/Vendor Advisory
- http://www.osvdb.org/25283
- http://www.securityfocus.com/bid/17858
- http://www.vupen.com/english/advisories/2006/1682
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26294
FAQ
What is CVE-2006-2248?
CVE-2006-2248 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension.
How severe is CVE-2006-2248?
CVE-2006-2248 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2248?
Check the references section above for vendor advisories and patch information. Affected products include: Northern Solutions Xeneo Web Server.