CVE-2006-1391 - OpenCVE

The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pablo Software Solutions	Baby Asp Web Server Quick And Easy Web Server

Configuration 1 [-]

OR	cpe:2.3:a:pablo_software_solutions:baby_asp_web_server:2.7.2:::::::*
	cpe:2.3:a:pablo_software_solutions:quick_and_easy_web_server:3.0.6:::::::*
	cpe:2.3:a:pablo_software_solutions:quick_and_easy_web_server:3.1.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19306
http://secunia.com/advisories/19312
http://secunia.com/secunia_research/2006-19/advisory/
http://securityreason.com/securityalert/624
http://www.osvdb.org/24099
http://www.osvdb.org/24100
http://www.securityfocus.com/archive/1/428667/100/0/threaded
http://www.securityfocus.com/bid/17222
http://www.vupen.com/english/advisories/2006/1085
http://www.vupen.com/english/advisories/2006/1088
https://exchange.xforce.ibmcloud.com/vulnerabilities/25417
https://exchange.xforce.ibmcloud.com/vulnerabilities/25418

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-25T00:00:00

Updated: 2024-08-07T17:12:20.922Z

Reserved: 2006-03-24T00:00:00

Link: CVE-2006-1391

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-25T00:06:00.000

Modified: 2018-10-18T16:32:27.577

Link: CVE-2006-1391

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17222", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17222"}, {"name": "19312", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19312"}, {"name": "20060324 Secunia Research: Quick 'n Easy/Baby Web Server ASP CodeDisclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/428667/100/0/threaded"}, {"name": "ADV-2006-1085", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1085"}, {"name": "quickneasy-web-asp-disclosure(25418)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25418"}, {"name": "24100", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24100"}, {"name": "24099", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24099"}, {"name": "624", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/624"}, {"name": "baby-web-asp-disclosure(25417)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25417"}, {"name": "19306", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19306"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-19/advisory/"}, {"name": "ADV-2006-1088", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1088"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1391", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17222", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17222"}, {"name": "19312", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19312"}, {"name": "20060324 Secunia Research: Quick 'n Easy/Baby Web Server ASP CodeDisclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428667/100/0/threaded"}, {"name": "ADV-2006-1085", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1085"}, {"name": "quickneasy-web-asp-disclosure(25418)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25418"}, {"name": "24100", "refsource": "OSVDB", "url": "http://www.osvdb.org/24100"}, {"name": "24099", "refsource": "OSVDB", "url": "http://www.osvdb.org/24099"}, {"name": "624", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/624"}, {"name": "baby-web-asp-disclosure(25417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25417"}, {"name": "19306", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19306"}, {"name": "http://secunia.com/secunia_research/2006-19/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-19/advisory/"}, {"name": "ADV-2006-1088", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1088"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:20.922Z"}, "title": "CVE Program Container", "references": [{"name": "17222", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17222"}, {"name": "19312", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19312"}, {"name": "20060324 Secunia Research: Quick 'n Easy/Baby Web Server ASP CodeDisclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/428667/100/0/threaded"}, {"name": "ADV-2006-1085", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1085"}, {"name": "quickneasy-web-asp-disclosure(25418)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25418"}, {"name": "24100", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24100"}, {"name": "24099", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24099"}, {"name": "624", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/624"}, {"name": "baby-web-asp-disclosure(25417)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25417"}, {"name": "19306", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19306"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-19/advisory/"}, {"name": "ADV-2006-1088", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1088"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1391", "datePublished": "2006-03-25T00:00:00", "dateReserved": "2006-03-24T00:00:00", "dateUpdated": "2024-08-07T17:12:20.922Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pablo_software_solutions:baby_asp_web_server:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5E8A721-94EA-441D-B0F7-3E149D68376F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pablo_software_solutions:quick_and_easy_web_server:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2D1267BA-88BC-44C2-A35F-13E40F3D45B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pablo_software_solutions:quick_and_easy_web_server:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B44A633-BD60-4EEC-A00B-31AC9378A23D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL."}], "id": "CVE-2006-1391", "lastModified": "2018-10-18T16:32:27.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-25T00:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19306"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19312"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-19/advisory/"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/624"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24099"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.osvdb.org/24100"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428667/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17222"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1085"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1088"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25417"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25418"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}